CVE-2016-6153
MEDIUMSQLite < 3.13.0 - Denial of Service via Temporary Directory Search Algorithm
Title source: llmDescription
os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.
References (13)
Core 13
Core References
Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-updates/2016-08/msg00053.html
Third Party Advisory mailing-list
http://www.openwall.com/lists/oss-security/2016/07/01/2
Third Party Advisory vdb-entry
http://www.securityfocus.com/bid/91546
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGQTH7V45QVHFDXJAEECHEO3HHD644WZ/
Patch, Third Party Advisory mailing-list
http://www.openwall.com/lists/oss-security/2016/07/01/1
Vendor Advisory vendor-advisory
https://usn.ubuntu.com/4019-1/
Vendor Advisory vendor-advisory
https://usn.ubuntu.com/4019-2/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/
Mailing List mailing-list
https://lists.debian.org/debian-lts-announce/2023/05/msg00022.html
Vendor Advisory
http://www.sqlite.org/cgi/src/info/67985761aa93fb61
Third Party Advisory
https://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt
Release Notes
https://www.sqlite.org/releaselog/3_13_0.html
Third Party Advisory
https://www.tenable.com/security/tns-2016-20
Scores
CVSS v3
5.9
EPSS
0.0009
EPSS Percentile
25.6%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-20
Status
published
Products (3)
fedoraproject/fedora
24
opensuse/leap
42.1
sqlite/sqlite
< 3.12.2
Published
Sep 26, 2016
Tracked Since
Feb 18, 2026