exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.
{ "vanir_signatures": [ { "signature_type": "Function", "digest": { "length": 564.0, "function_hash": "112680190779000317143419990077986589600" }, "source": "https://github.com/sqlite/sqlite/commit/75e95e1fcd52d3ec8282edb75ac8cd0814095d54", "target": { "file": "src/window.c", "function": "exprListAppendList" }, "id": "CVE-2019-19880-6ff45c1d", "deprecated": false, "signature_version": "v1" }, { "signature_type": "Line", "digest": { "threshold": 0.9, "line_hashes": [ "311498737932804913950360900180440160288", "16165726976981116835104625715379497633", "272234372325705254132985737134222466032", "80347127089613699595932092097264314480", "251644005738196124768332965214050762518", "168736889781615868846473232463709984370", "56477860602426467755939273588144168818" ] }, "source": "https://github.com/sqlite/sqlite/commit/75e95e1fcd52d3ec8282edb75ac8cd0814095d54", "target": { "file": "src/window.c" }, "id": "CVE-2019-19880-e1958841", "deprecated": false, "signature_version": "v1" } ] }