Thanks for the report! The problem is now [fixed on trunk][1]. Notes: * This only happens if SQLite is compiled with `-DSQLITE_ENABLE_EXPLAIN_COMMENTS` and with `-DSQLITE_ENABLE_STAT4`. Most builds of SQLite do not include either of those options. * Even when it does happen, the uninitialized integer is the input to an %d format for a string that is used as a debugging comment in the byte-code. So, in other words, the problem causes a goofy comment to appear in the comment column of the EXPLAIN output. In other words, it is utterly harmless. It is good that the problem was found. (Thanks, borrrden!) I only include the notes above to try to prevent a CVE from being written with a scary headline: "Critical Uninitialized Variable Usage In SQLite 3.32.1" How sad that CVE politics have degenerated to the point that I feel the need to do that.... [1]: https://www.sqlite.org/src/info/1cb248a3fc4c35c5