selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.
Weakness
The product does not handle or incorrectly handles an exceptional condition.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Sqlite | Sqlite | 3.30.1 (including) | 3.30.1 (including) |
| Red Hat Enterprise Linux 8 | RedHat | sqlite-0:3.26.0-11.el8 | * |
| Red Hat Enterprise Linux 8 | RedHat | sqlite-0:3.26.0-11.el8 | * |
| Sqlite3 | Ubuntu | bionic | * |
| Sqlite3 | Ubuntu | disco | * |
| Sqlite3 | Ubuntu | eoan | * |
| Sqlite3 | Ubuntu | esm-infra/bionic | * |
| Sqlite3 | Ubuntu | esm-infra/xenial | * |
| Sqlite3 | Ubuntu | precise/esm | * |
| Sqlite3 | Ubuntu | trusty | * |
| Sqlite3 | Ubuntu | upstream | * |
| Sqlite3 | Ubuntu | xenial | * |
References
- https://github.com/sqlite/sqlite/commit/a6c1a71cde082e09750465d5675699062922e387
- https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html
- https://lists.debian.org/debian-lts-announce/2020/12/msg00016.html
- https://security.gentoo.org/glsa/202007-26
- https://usn.ubuntu.com/4298-1/
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://github.com/sqlite/sqlite/commit/a6c1a71cde082e09750465d5675699062922e387
- https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html
- https://lists.debian.org/debian-lts-announce/2020/12/msg00016.html
- https://security.gentoo.org/glsa/202007-26
- https://usn.ubuntu.com/4298-1/
- https://www.oracle.com/security-alerts/cpuapr2020.html