SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c. Reference and upstream commit: https://www.sqlite.org/src/info/7a5279a25c57adf1
Created mingw-sqlite tracking bugs for this issue:
Affects: fedora-all [bug 1841233]

Created sqlite tracking bugs for this issue:
Affects: fedora-all [bug 1841235]

Created sqlite2 tracking bugs for this issue:
Affects: epel-all [bug 1841232]
Affects: fedora-all [bug 1841234]
Upstream fix: https://www.sqlite.org/src/info/ad7bb70af9bb68d1
Under some circumstances it is possible for a SQL expression to cause a NULL pointer dereference in sqlite3ExprCodeTarget() in expr.c, when the pInfo->aFunc struct pointer is set to 0. This may happen when rewriting a query for window functions, if the rewrite changes the depth of TK_AGG_FUNCTION nodes. An attacker would need to have a level of access that allows him to write particular SQL expressions to trigger this flaw, leading to a denial of service.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2021:4396 https://access.redhat.com/errata/RHSA-2021:4396