exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.
[ { "source": "https://github.com/sqlite/sqlite/commit/75e95e1fcd52d3ec8282edb75ac8cd0814095d54", "target": { "function": "exprListAppendList", "file": "src/window.c" }, "signature_type": "Function", "digest": { "function_hash": "112680190779000317143419990077986589600", "length": 564.0 }, "deprecated": false, "signature_version": "v1", "id": "CVE-2019-19880-6ff45c1d" }, { "source": "https://github.com/sqlite/sqlite/commit/75e95e1fcd52d3ec8282edb75ac8cd0814095d54", "target": { "file": "src/window.c" }, "signature_type": "Line", "digest": { "threshold": 0.9, "line_hashes": [ "311498737932804913950360900180440160288", "16165726976981116835104625715379497633", "272234372325705254132985737134222466032", "80347127089613699595932092097264314480", "251644005738196124768332965214050762518", "168736889781615868846473232463709984370", "56477860602426467755939273588144168818" ] }, "deprecated": false, "signature_version": "v1", "id": "CVE-2019-19880-e1958841" } ]