In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "libsqlite3-tcl-dbgsym": "3.31.1-4ubuntu0.2", "lemon-dbgsym": "3.31.1-4ubuntu0.2", "libsqlite3-0-dbgsym": "3.31.1-4ubuntu0.2", "sqlite3-dbgsym": "3.31.1-4ubuntu0.2", "libsqlite3-tcl": "3.31.1-4ubuntu0.2", "libsqlite3-0": "3.31.1-4ubuntu0.2", "libsqlite3-dev": "3.31.1-4ubuntu0.2", "sqlite3-doc": "3.31.1-4ubuntu0.2", "sqlite3": "3.31.1-4ubuntu0.2", "lemon": "3.31.1-4ubuntu0.2" } ] }