Bug 1181261 – VUL-0: CVE-2021-20227: sqlite3: potential use-after-free bug when processing a a subquery with both a correlated WHERE clause and a "HAVING 0" clause and where the parent query is an aggregate

Bug 1181261 - (CVE-2021-20227) VUL-0: CVE-2021-20227: sqlite3: potential use-after-free bug when processing a a subquery with both a correlated WHERE clause and a "HAVING 0" clause and where the parent query is an aggregate

(CVE-2021-20227)
Summary:	VUL-0: CVE-2021-20227: sqlite3: potential use-after-free bug when processing ...

Status:	RESOLVED FIXED

Classification:	openSUSE
Product:	openSUSE Distribution
Classification:	openSUSE
Component:	Security
Version:	Leap 15.2
Hardware:	Other Other

Priority:	P3 - Medium Severity: Minor (vote)
Target Milestone:	---
Assigned To:	Reinhard Max
QA Contact:	E-mail List

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2021-01-21 19:58 UTC by Andreas Stieger
Modified:	2021-04-06 18:46 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andreas Stieger 2021-01-21 19:58:37 UTC

SQLite 3.34.1 fixes a potential use-after-free bug when processing a a subquery with both a correlated WHERE clause and a "HAVING 0" clause and where the parent query is an aggregate.

References:
https://sqlite.org/src/info/30a4c323650cc949
https://www.sqlite.org/releaselog/3_34_1.html

Comment 1 Alexandros Toptsoglou 2021-02-02 16:32:36 UTC

This seems to affect only 3.33 and on at [1]. Internal codestreams are not affected. Factory already ships 3.34.1

[1]https://sqlite.org/src/info/6e6b3729e0549de0