SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.
Reference and upstream commit:
Created mingw-sqlite tracking bugs for this issue:
Affects: epel-7 [bug 1778870]
Affects: fedora-all [bug 1778869]
Created sqlite tracking bugs for this issue:
Affects: fedora-all [bug 1778868]
There's an issue with SQLite when using a generated column which is evaluated to a constant value as an index for a table. When evaluating the SQL expression containing a join clause referencing the generated column, an internal field representing the tables involved in the join is set to NULL. However, due to an error in the logic used during expression evaluation, the same field is further dereferenced, leading to a NULL pointer dereference. An attacker may leverage this flaw to cause DoS.
The Attack Complexity may be considered high as the attacker needs to triage the existence of a table with such a schema, a query with the aspects mentioned above and a way to trigger it. The availability impact when an attack is successful may be considered High.