Bugzilla – Bug 1169126
VUL-0: CVE-2020-11655: sqlite3: denial of service (segmentation fault) via a malformed window-function query
Last modified: 2020-05-20 12:28:00 UTC
CVE-2020-11655

SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11655
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11655
https://www3.sqlite.org/cgi/src/tktview?name=af4556bb5c
https://www3.sqlite.org/cgi/src/info/4a302b42c7bf5e11
I cannot reproduce the issue. Could you help me here, Reinhard? According to the ticket the segfault appears from version 3.30.0 and on.
I cannot reproduce it either. I tried version 3.28.0 on Leap 15.1, which according to the ticket should throw an assertion fault, and 3.31.1 on Tumbleweed, which should trigger a segfault. I also tried a stock build of 3.31.1 without any of the compile-time knobs we turn in our RPM. But all three variants just give me "Error: DISTINCT aggregates must have exactly one argument", which is not a crash, but quite a different error message than "row value misused" which the new test case expects from a fixed version.
Closing this as Upstream