It's bugs like this one that lead me to believe that yes, "rewrite everything in Rust" is in fact the solution.

I have the greatest respect for the quality of the SQLite codebase, which is one of the best-tested open source projects in existence, but at the end of the day, if formatting a string can lead to arbitrary code execution, it's time to question the foundations you're building on.

As long as C and C++ are considered acceptable languages for writing mission-critical software, these vulnerabilities will never go away. We have incredible static analysis tools and hyper-advanced fuzzers driven by genetic algorithms, and yet this continues to happen despite every precaution imaginable being taken.

It's time to fix the problem at its root. Languages that are memory unsafe by default need to be phased out sooner rather than later.

Just curious, what language was used to write the Rust compiler?

Originally OCaml, and now Rust:

https://github.com/rust-lang/rust