Vulnerability Details : CVE-2016-6153
os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.
Vulnerability category: Denial of service
Products affected by CVE-2016-6153
- cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
- cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-6153
0.03%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-6153
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.6
|
MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
3.9
|
6.4
|
NIST | |
|
5.9
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
2.5
|
3.4
|
NIST |
CWE ids for CVE-2016-6153
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-6153
-
https://lists.debian.org/debian-lts-announce/2023/05/msg00022.html
[SECURITY] [DLA 3431-1] sqlite security update
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IGQTH7V45QVHFDXJAEECHEO3HHD644WZ/
[SECURITY] Fedora 24 Update: sqlite-3.13.0-1.fc24 - package-announce - Fedora Mailing-ListsThird Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/
[SECURITY] Fedora 29 Update: mingw-sqlite-3.26.0.0-1.fc29 - package-announce - Fedora Mailing-Lists
-
https://www.tenable.com/security/tns-2016-20
[R3] PVS 5.2.0 Fixes Multiple Third-party Library Vulnerabilities - Security Advisory | TenableĀ®
-
http://www.openwall.com/lists/oss-security/2016/07/01/1
oss-security - SQLite Tempdir Selection VulnerabilityPatch;Third Party Advisory
-
https://usn.ubuntu.com/4019-1/
USN-4019-1: SQLite vulnerabilities | Ubuntu security notices
-
https://usn.ubuntu.com/4019-2/
USN-4019-2: SQLite vulnerabilities | Ubuntu security notices
-
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGQTH7V45QVHFDXJAEECHEO3HHD644WZ/
[SECURITY] Fedora 24 Update: sqlite-3.13.0-1.fc24 - package-announce - Fedora mailing-lists
-
http://www.securityfocus.com/bid/91546
SQLite CVE-2016-6153 Insecure Temporary File Creation VulnerabilityThird Party Advisory
-
http://www.sqlite.org/cgi/src/info/67985761aa93fb61
SQLite: Check-in [67985761]Vendor Advisory
-
https://www.sqlite.org/releaselog/3_13_0.html
SQLite Release 3.13.0 On 2016-05-18Release Notes
-
http://lists.opensuse.org/opensuse-updates/2016-08/msg00053.html
openSUSE-SU-2016:2041-1: moderate: Security update for sqlite3Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/
[SECURITY] Fedora 29 Update: mingw-sqlite-3.26.0.0-1.fc29 - package-announce - Fedora Mailing-Lists
-
https://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt
Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2016/07/01/2
oss-security - Re: SQLite Tempdir Selection VulnerabilityThird Party Advisory
Jump to