SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.
Reference and upstream commit:
Created mingw-sqlite tracking bugs for this issue:
Affects: fedora-all [bug 1841233]
Created sqlite tracking bugs for this issue:
Affects: fedora-all [bug 1841235]
Created sqlite2 tracking bugs for this issue:
Affects: epel-all [bug 1841232]
Affects: fedora-all [bug 1841234]
Under some circumstances it is possible for a SQL expression to cause a NULL pointer dereference in sqlite3ExprCodeTarget() in expr.c, when the pInfo->aFunc struct pointer is set to 0. This may happen when rewriting a query for window functions, if the rewrite changes the depth of TK_AGG_FUNCTION nodes. An attacker would need to have a level of access that allows him to write particular SQL expressions to trigger this flaw, leading to a denial of service.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2021:4396 https://access.redhat.com/errata/RHSA-2021:4396