SQLite Forum

A format string vulnerability in tool used to help build SQLite's TCL extension on Windows
(Replying only after calming myself on this "CVE".)

In addition to being of zero (non-political) consequence to the SQLite project, the revised nmakehelp.c from its source project has now replaced that "buggy" version. See <u>[check-in 595bf95](https://www.sqlite.org/src/info/595bf95bf8884c54)</u>. So, it's fixed.

BTW, all C compilers should have a CVE because they will compile:<code>
  \#include <stdlib.h>
  int main(){
    return *((int *)rand());