SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
{ "ubuntu_priority": "low", "availability": "No subscription required", "binaries": [ { "binary_name": "lemon", "binary_version": "3.31.1-4ubuntu0.1" }, { "binary_name": "lemon-dbgsym", "binary_version": "3.31.1-4ubuntu0.1" }, { "binary_name": "libsqlite3-0", "binary_version": "3.31.1-4ubuntu0.1" }, { "binary_name": "libsqlite3-0-dbgsym", "binary_version": "3.31.1-4ubuntu0.1" }, { "binary_name": "libsqlite3-dev", "binary_version": "3.31.1-4ubuntu0.1" }, { "binary_name": "libsqlite3-tcl", "binary_version": "3.31.1-4ubuntu0.1" }, { "binary_name": "libsqlite3-tcl-dbgsym", "binary_version": "3.31.1-4ubuntu0.1" }, { "binary_name": "sqlite3", "binary_version": "3.31.1-4ubuntu0.1" }, { "binary_name": "sqlite3-dbgsym", "binary_version": "3.31.1-4ubuntu0.1" }, { "binary_name": "sqlite3-doc", "binary_version": "3.31.1-4ubuntu0.1" } ] }