SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.
{ "vanir_signatures": [ { "deprecated": false, "digest": { "function_hash": "289341195574350212391054022878281305145", "length": 510.0 }, "source": "https://github.com/sqlite/sqlite/commit/8654186b0236d556aa85528c2573ee0b6ab71be3", "signature_type": "Function", "id": "CVE-2019-19924-0cbda4f5", "signature_version": "v1", "target": { "file": "src/expr.c", "function": "codeCompare" } }, { "deprecated": false, "digest": { "function_hash": "261577890961411014898351609100443694783", "length": 3044.0 }, "source": "https://github.com/sqlite/sqlite/commit/8654186b0236d556aa85528c2573ee0b6ab71be3", "signature_type": "Function", "id": "CVE-2019-19924-3ebbb9e3", "signature_version": "v1", "target": { "file": "src/window.c", "function": "sqlite3WindowRewrite" } }, { "deprecated": false, "digest": { "line_hashes": [ "325699382715287326009987521307471454456", "270222519232114022808879911164492275075", "234771701567774970236996005718943768462", "157367755804963360587907976423518170340", "251448130515872088556476770431500172221", "144272897311174661132725549144917480053", "33614506948838653228691560302179833877" ], "threshold": 0.9 }, "source": "https://github.com/sqlite/sqlite/commit/8654186b0236d556aa85528c2573ee0b6ab71be3", "signature_type": "Line", "id": "CVE-2019-19924-556c1242", "signature_version": "v1", "target": { "file": "src/window.c" } }, { "deprecated": false, "digest": { "line_hashes": [ "11434213176979394703454359497710365439", "310763219010397771047909940992835381421", "156757343900631303322355437558628914552" ], "threshold": 0.9 }, "source": "https://github.com/sqlite/sqlite/commit/8654186b0236d556aa85528c2573ee0b6ab71be3", "signature_type": "Line", "id": "CVE-2019-19924-6d9de27b", "signature_version": "v1", "target": { "file": "src/expr.c" } }, { "deprecated": false, "digest": { "line_hashes": [ "215444345926076654548411634251613729759", "252380961147499365412023835791821933268", "123604298311559770011683048397407628154", "333404582138517325406381684493404653273" ], "threshold": 0.9 }, "source": "https://github.com/sqlite/sqlite/commit/8654186b0236d556aa85528c2573ee0b6ab71be3", "signature_type": "Line", "id": "CVE-2019-19924-b0007590", "signature_version": "v1", "target": { "file": "src/vdbeaux.c" } }, { "deprecated": false, "digest": { "function_hash": "9434467424313002811330113527187731038", "length": 465.0 }, "source": "https://github.com/sqlite/sqlite/commit/8654186b0236d556aa85528c2573ee0b6ab71be3", "signature_type": "Function", "id": "CVE-2019-19924-d9b45c3a", "signature_version": "v1", "target": { "file": "src/vdbeaux.c", "function": "vdbeVComment" } } ] }