CVE-2016-6153

Published: Sep 26, 2016Modified: May 6, 2026

5.9

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Exploitability: 2.5 / Impact: 3.4

Source: NVD

Description

os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.

Affected (3)

Products: Sqlite: Sqlite · Fedoraproject: Fedora · Opensuse: Leap

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sqlite Sqlite	Up to 3.12.2

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 24

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 42.1

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (26)

http://lists.opensuse.org/opensuse-updates/2016-08/msg00053.html

Source: cve@mitre.org

Third Party Advisory

http://www.openwall.com/lists/oss-security/2016/07/01/1

Source: cve@mitre.org

PatchThird Party Advisory

http://www.openwall.com/lists/oss-security/2016/07/01/2

Source: cve@mitre.org

Third Party Advisory

http://www.securityfocus.com/bid/91546

Source: cve@mitre.org

Third Party Advisory

http://www.sqlite.org/cgi/src/info/67985761aa93fb61

Source: cve@mitre.org

Vendor Advisory

https://lists.debian.org/debian-lts-announce/2023/05/msg00022.html

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGQTH7V45QVHFDXJAEECHEO3HHD644WZ/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/

Source: cve@mitre.org

https://usn.ubuntu.com/4019-1/

Source: cve@mitre.org

https://usn.ubuntu.com/4019-2/

Source: cve@mitre.org

https://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt

Source: cve@mitre.org

Third Party Advisory

https://www.sqlite.org/releaselog/3_13_0.html

Source: cve@mitre.org

Release Notes

https://www.tenable.com/security/tns-2016-20

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-updates/2016-08/msg00053.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.openwall.com/lists/oss-security/2016/07/01/1

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

http://www.openwall.com/lists/oss-security/2016/07/01/2

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.securityfocus.com/bid/91546

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.sqlite.org/cgi/src/info/67985761aa93fb61

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://lists.debian.org/debian-lts-announce/2023/05/msg00022.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGQTH7V45QVHFDXJAEECHEO3HHD644WZ/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/

Source: af854a3a-2127-422b-91ae-364da2661108

https://usn.ubuntu.com/4019-1/

Source: af854a3a-2127-422b-91ae-364da2661108

https://usn.ubuntu.com/4019-2/

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.sqlite.org/releaselog/3_13_0.html

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

https://www.tenable.com/security/tns-2016-20

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.