Description
sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| sqlite3 | fixed | 3.30.1+fossil191229-1 | | package |
| sqlite3 | not-affected | | stretch | package |
| sqlite3 | not-affected | | jessie | package |
| sqlite | not-affected | | | package |
Notes
https://github.com/sqlite/sqlite/commit/e59c562b3f6894f84c715772c4b116d7b5c01348
CLI crash is only triggerable with SQLITE_DEBUG builds by reaching an assertion statement
in the sqlite3VdbeExec function. Debian does not use SQLITE_DEBUG for the regular builds.
In non-debug builds this results in wrong output/result from the query only.
https://bugzilla.redhat.com/show_bug.cgi?id=1777945#c3
EPSS
Related vulnerabilities
sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.
A vulnerability in the sqlite3Select function of the SQLite database management system, related to insufficient validation of input data, that allows an attacker to cause a denial of service