SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.
[
{
"id": "CVE-2019-19924-0cbda4f5",
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"length": 510.0,
"function_hash": "289341195574350212391054022878281305145"
},
"target": {
"function": "codeCompare",
"file": "src/expr.c"
},
"source": "https://github.com/sqlite/sqlite/commit/8654186b0236d556aa85528c2573ee0b6ab71be3",
"deprecated": false
},
{
"id": "CVE-2019-19924-3ebbb9e3",
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"length": 3044.0,
"function_hash": "261577890961411014898351609100443694783"
},
"target": {
"function": "sqlite3WindowRewrite",
"file": "src/window.c"
},
"source": "https://github.com/sqlite/sqlite/commit/8654186b0236d556aa85528c2573ee0b6ab71be3",
"deprecated": false
},
{
"id": "CVE-2019-19924-556c1242",
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"325699382715287326009987521307471454456",
"270222519232114022808879911164492275075",
"234771701567774970236996005718943768462",
"157367755804963360587907976423518170340",
"251448130515872088556476770431500172221",
"144272897311174661132725549144917480053",
"33614506948838653228691560302179833877"
],
"threshold": 0.9
},
"target": {
"file": "src/window.c"
},
"source": "https://github.com/sqlite/sqlite/commit/8654186b0236d556aa85528c2573ee0b6ab71be3",
"deprecated": false
},
{
"id": "CVE-2019-19924-6d9de27b",
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"11434213176979394703454359497710365439",
"310763219010397771047909940992835381421",
"156757343900631303322355437558628914552"
],
"threshold": 0.9
},
"target": {
"file": "src/expr.c"
},
"source": "https://github.com/sqlite/sqlite/commit/8654186b0236d556aa85528c2573ee0b6ab71be3",
"deprecated": false
},
{
"id": "CVE-2019-19924-b0007590",
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"215444345926076654548411634251613729759",
"252380961147499365412023835791821933268",
"123604298311559770011683048397407628154",
"333404582138517325406381684493404653273"
],
"threshold": 0.9
},
"target": {
"file": "src/vdbeaux.c"
},
"source": "https://github.com/sqlite/sqlite/commit/8654186b0236d556aa85528c2573ee0b6ab71be3",
"deprecated": false
},
{
"id": "CVE-2019-19924-d9b45c3a",
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"length": 465.0,
"function_hash": "9434467424313002811330113527187731038"
},
"target": {
"function": "vdbeVComment",
"file": "src/vdbeaux.c"
},
"source": "https://github.com/sqlite/sqlite/commit/8654186b0236d556aa85528c2573ee0b6ab71be3",
"deprecated": false
}
]