SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step==SQLITE_ROW` is false and a data structure is never initialized. An attacker might use this for a denial of service. Fixed in:¶ 3.21.0