SQLite Forum

When will/were recent "sqlite3 new security issues CVEs" be addressed?
In the CVEs referenced in the report, the only use-after-free occurs inside
of SQLITE\_DEBUG code.  It is a read only, not a write.  It's whole purpose
is to trigger an alert on valgrind or ASAN to show us where we neglected to
clean up a data structure in the ALTER TABLE operation.  It only occurs
on debug builds, and is harmless even then.

The only uninitialized pointer dereferences are all read operations as well,
so there is no mechanisms available to subvert data elsewhere in the system.