(Replying only after calming myself on this "CVE".) In addition to being of zero (non-political) consequence to the SQLite project, the revised nmakehelp.c from its source project has now replaced that "buggy" version. See <u>[check-in 595bf95](https://www.sqlite.org/src/info/595bf95bf8884c54)</u>. So, it's fixed. BTW, all C compilers should have a CVE because they will compile:<code> \#include <stdlib.h> int main(){ return *((int *)rand()); } </code>