sqlite: Multiple vulnerabilities (CVE-2019-19242, CVE-2019-19244)
CVE-2019-19242: SQL injection in sqlite3ExprCodeTarget in expr.c
SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.
References:
https://nvd.nist.gov/vuln/detail/CVE-2019-19242
Patch:
https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c
CVE-2019-19244: Input validation error
sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.
References:
https://nvd.nist.gov/vuln/detail/CVE-2019-19244
Patch:
https://github.com/sqlite/sqlite/commit/e59c562b3f6894f84c715772c4b116d7b5c01348
Affected branches:
- master
- 3.10-stable
- 3.9-stable
- 3.8-stable