multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.
[ { "source": "https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089", "target": { "function": "multiSelect", "file": "src/select.c" }, "deprecated": false, "digest": { "function_hash": "142019218037466622409079240290225522005", "length": 7367.0 }, "signature_type": "Function", "id": "CVE-2019-19926-51602a0f", "signature_version": "v1" }, { "source": "https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089", "target": { "file": "src/select.c" }, "deprecated": false, "digest": { "threshold": 0.9, "line_hashes": [ "171035095866789736328167640717237488084", "167155094694452406373033634918823379021", "239523074896614120501903698785276271389", "182764699437648562301353005261024955243" ] }, "signature_type": "Line", "id": "CVE-2019-19926-52ddef32", "signature_version": "v1" } ]