ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind.
[
{
"signature_type": "Function",
"deprecated": false,
"source": "https://github.com/sqlite/sqlite/commit/d8f2d46cbc9925e034a68aaaf60aad788d9373c1",
"digest": {
"length": 3477.0,
"function_hash": "104339471913397942939802911122431979945"
},
"id": "CVE-2019-19959-431abe6e",
"signature_version": "v1",
"target": {
"function": "zipfileStep",
"file": "ext/misc/zipfile.c"
}
},
{
"signature_type": "Line",
"deprecated": false,
"source": "https://github.com/sqlite/sqlite/commit/d8f2d46cbc9925e034a68aaaf60aad788d9373c1",
"digest": {
"line_hashes": [
"71814066614843432280980704712041473121",
"216645858504996865357112267072969184675",
"239335266313309969182533178229610865249",
"311079271625203409937280754956246384681",
"121580900095085822418106151995070470985",
"164197602074587106059057669333140638102",
"129292076946546125971028062544365850448",
"327556687166518588200911711471829254530",
"313001803275392618590594638361048665402",
"128213423916597175769527743849561227405",
"60063495468950244746442318769766841350",
"158794796601896323848342222817397211861"
],
"threshold": 0.9
},
"id": "CVE-2019-19959-59eebaea",
"signature_version": "v1",
"target": {
"file": "ext/misc/zipfile.c"
}
},
{
"signature_type": "Function",
"deprecated": false,
"source": "https://github.com/sqlite/sqlite/commit/d8f2d46cbc9925e034a68aaaf60aad788d9373c1",
"digest": {
"length": 3893.0,
"function_hash": "59544577747646981207317814512786475191"
},
"id": "CVE-2019-19959-b8c3c9ae",
"signature_version": "v1",
"target": {
"function": "zipfileUpdate",
"file": "ext/misc/zipfile.c"
}
}
]