SQLite Forum

When will/were recent "sqlite3 new security issues CVEs" be addressed?
I've been working on a draft web-page about CVEs and SQLite.  It includes a
[table of recent CVEs][1].

[1]: https://www.sqlite.org/draft/cves.html#cvetab

But it occurs to me that I am perhaps giving this CVEs more weight than
they deserve.  All of these CVEs can be safely ignored.  Follow my

  1.  All of the CVEs have a precondition that the attacker must be able
      to inject and run arbitrary SQL.

  2.  The worst outcome is denial-of-service.

  3.  But if an attacker has the ability to inject and run arbitrary SQL,
      they don't need any bugs in SQLite in order to execute a denial of
      service attack.  All they have to do is puts in some SQL that uses
      a lot of CPU or memory or disk I/O and they can effectively shut the
      service down that way.  It isn't hard to devise a small bit of
      perfectly valid and legal SQL that uses an enormous amount of CPU or

  4.  Hence, none of the CVEs in the chart are "real".  They are bugs
      (now fixed), but none of them give an attacker any more leverage
      for disrupting the system than the attacker had to begin with.

Am I completely off-base with this argument?