Does CVE-2022-35737 affect Microsoft.Data.Sqlite?

[NPC-RX]

Recently, we discovered a vulnerability report CVE-2022-35737 in SQLite, but we are not sure if programs that use "Microsoft.Data.Sqlite" are affected by this vulnerability.
If the dependency is affected by this vulnerability, what would trigger the issue? And what is the affected dependency version?
https://thehackernews.com/2022/10/22-year-old-vulnerability-reported-in.html

[bricelam]

The vulnerability relates to SQLite's implementation of printf. Entity Framework Core, Microsoft.Data.Sqlite, and SQLitePCLRaw never call these APIs.

Your application is only affected if it calls the printf/format SQL function with the vulnerable substitution strings (%Q, %q & %w), or if it calls the corresponding C APIs directly.

For now, you can manually update the SQLitePCLRaw packages to version 2.1.1 or newer to bring in a patched version of the native SQLite library.

We are looking into updating our NuGet package dependencies in a future patch.

[NPC-RX]

OK, thanks for your information

[roji]

Reopening to track using the newer version and servicing.