Bugzilla – Bug 1169126
VUL-0: CVE-2020-11655: sqlite3: denial of service (segmentation fault) via a malformed winw-function query
Last modified: 2020-05-20 12:28:00 UTC
SQLite through 3.31.1 allows attackers to cause a denial of service
(segmentation fault) via a malformed window-function query because the AggInfo
object's initialization is mishandled.
I cannot reproduce the issue. Could you help me here Reinhard? According to the ticket the segfault appears from version 3.30.0 and on.
I cannot reproduce it either.
I tried version 3.28.0 on Leap 15.1, which according to the ticket should throw an assertion fault and 3.31.1 on Tumbleweed, which should trigger a segfault. I also tried a stock build of 3.31.1 without any of the compile time knobs we turn in our RPM.
But all three variants just give me "Error: DISTINCT aggregates must have exactly one argument", which is not a crash, but quite a different error message than "row value misused" which the new test case expects from a fixed version.
Closing this as Upstream