ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind.
{ "vanir_signatures": [ { "target": { "function": "zipfileStep", "file": "ext/misc/zipfile.c" }, "signature_type": "Function", "source": "https://github.com/sqlite/sqlite/commit/d8f2d46cbc9925e034a68aaaf60aad788d9373c1", "id": "CVE-2019-19959-431abe6e", "signature_version": "v1", "deprecated": false, "digest": { "function_hash": "104339471913397942939802911122431979945", "length": 3477.0 } }, { "target": { "file": "ext/misc/zipfile.c" }, "signature_type": "Line", "source": "https://github.com/sqlite/sqlite/commit/d8f2d46cbc9925e034a68aaaf60aad788d9373c1", "id": "CVE-2019-19959-59eebaea", "signature_version": "v1", "deprecated": false, "digest": { "line_hashes": [ "71814066614843432280980704712041473121", "216645858504996865357112267072969184675", "239335266313309969182533178229610865249", "311079271625203409937280754956246384681", "121580900095085822418106151995070470985", "164197602074587106059057669333140638102", "129292076946546125971028062544365850448", "327556687166518588200911711471829254530", "313001803275392618590594638361048665402", "128213423916597175769527743849561227405", "60063495468950244746442318769766841350", "158794796601896323848342222817397211861" ], "threshold": 0.9 } }, { "target": { "function": "zipfileUpdate", "file": "ext/misc/zipfile.c" }, "signature_type": "Function", "source": "https://github.com/sqlite/sqlite/commit/d8f2d46cbc9925e034a68aaaf60aad788d9373c1", "id": "CVE-2019-19959-b8c3c9ae", "signature_version": "v1", "deprecated": false, "digest": { "function_hash": "59544577747646981207317814512786475191", "length": 3893.0 } } ] }