Bug 1181261 (CVE-2021-20227)

Summary: VUL-0: CVE-2021-20227: sqlite3: potential use-after-free bug when processing a a subquery with both a correlated WHERE clause and a "HAVING 0" clause and where the parent query is an aggregate
Product: [openSUSE] openSUSE Distribution Reporter: Andreas Stieger <Andreas.Stieger>
Component: SecurityAssignee: Reinhard Max <max>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Minor    
Priority: P3 - Medium CC: atoptsoglou, security-team
Version: Leap 15.2   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Andreas Stieger 2021-01-21 19:58:37 UTC 
SQLite 3.34.1 fixes a potential use-after-free bug when processing a a subquery with both a correlated WHERE clause and a "HAVING 0" clause and where the parent query is an aggregate.

References:
https://sqlite.org/src/info/30a4c323650cc949
https://www.sqlite.org/releaselog/3_34_1.html
Comment 1 Alexandros Toptsoglou 2021-02-02 16:32:36 UTC 
This seems to affect only 3.33 and on at [1]. Internal codestreams are not affected. Factory already ships 3.34.1

[1]https://sqlite.org/src/info/6e6b3729e0549de0