In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.
Created mingw-sqlite tracking bugs for this issue:
Affects: fedora-all [bug 1851962]
Created sqlite tracking bugs for this issue:
Affects: fedora-all [bug 1851963]
As noted here: https://www.sqlite.org/src/tktview?name=8f157e8010
this bug was apparently introduced in upstream version 3.25.0 with the new use of transitive properties for constant propagation.
This flaw did not affect the versions of SQLite as shipped with Red Hat Enterprise Linux 7 as they did not include support for the WHERE-clause constant propagation optimization. This optimization was introduced in a later version of the package (3.25.0).
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2021:1581 https://access.redhat.com/errata/RHSA-2021:1581
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):