exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.
Reference and upstream commit:
Created mingw-sqlite tracking bugs for this issue:
Affects: epel-7 [bug 1787036]
Affects: fedora-all [bug 1787034]
Created sqlite tracking bugs for this issue:
Affects: fedora-all [bug 1787035]
This is basically crash when processing certain integer values in a ORDER statement.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2020:0514 https://access.redhat.com/errata/RHSA-2020:0514
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):