Bug 1181261 - (CVE-2021-20227) VUL-0: CVE-2021-20227: sqlite3: potential use-after-free bug when processing a a subquery with both a correlated WHERE clause and a "HAVING 0" clause and where the parent query is an aggregate
(CVE-2021-20227)
VUL-0: CVE-2021-20227: sqlite3: potential use-after-free bug when processing ...
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Distribution
Classification: openSUSE
Component: Security
Leap 15.2
Other Other
: P3 - Medium : Minor (vote)
: ---
Assigned To: Reinhard Max
E-mail List
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2021-01-21 19:58 UTC by Andreas Stieger
Modified: 2021-04-06 18:46 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Stieger 2021-01-21 19:58:37 UTC
SQLite 3.34.1 fixes a potential use-after-free bug when processing a a subquery with both a correlated WHERE clause and a "HAVING 0" clause and where the parent query is an aggregate.

References:
https://sqlite.org/src/info/30a4c323650cc949
https://www.sqlite.org/releaselog/3_34_1.html
Comment 1 Alexandros Toptsoglou 2021-02-02 16:32:36 UTC
This seems to affect only 3.33 and on at [1]. Internal codestreams are not affected. Factory already ships 3.34.1

[1]https://sqlite.org/src/info/6e6b3729e0549de0