sqlite: malformed window-function query leads to DoS (CVE-2020-11655)
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
References:
- https://www3.sqlite.org/cgi/src/tktview?name=af4556bb5c
- https://nvd.nist.gov/vuln/detail/CVE-2020-11655
Patch:
https://www.sqlite.org/cgi/src/info/4a302b42c7bf5e11
Affected branches:
-
master -
3.11-stable -
3.10-stable -
3.9-stable -
3.8-stable