The package sqlite before version 3.32.3-1 is vulnerable to arbitrary code execution.
Arch Linux Security Advisory ASA-202006-11
Date : 2020-06-28
CVE-ID : CVE-2020-13871
Package : sqlite
Type : arbitrary code execution
Remote : No
Link : https://security.archlinux.org/AVG-1182
Upgrade to 3.32.3-1.
# pacman -Syu "sqlite>=3.32.3-1"
The problem has been fixed upstream in version 3.32.3.
SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c
because the parse tree rewrite for window functions is too late.
An attacker might be able to crash the application or execute arbitrary
code by running a crafted query.