exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled. Reference and upstream commit: https://github.com/sqlite/sqlite/commit/75e95e1fcd52d3ec8282edb75ac8cd0814095d54
Created mingw-sqlite tracking bugs for this issue: Affects: epel-7 [bug 1787036] Affects: fedora-all [bug 1787034] Created sqlite tracking bugs for this issue: Affects: fedora-all [bug 1787035]
This is basically crash when processing certain integer values in a ORDER statement.
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Supplementary Via RHSA-2020:0514 https://access.redhat.com/errata/RHSA-2020:0514
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-19880