Description: os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.
CVSS vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Exploitability: 2.5 | Impact: 3.4
Attack Vector: Local
Complexity: Low
Privileges: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: Low
Affected Packages: 3 packages
Also affects: Fedora 24
Vulnerability Details: 3
  GHSA: GHSA-c7vx-xpvf-fj57: os_unix (2022-05-14)
  OSV: CVE-2016-6153: os_unix (2016-09-26)
  CVEList: CVE-2016-6153: os_unix (2016-09-26)
Vendor Advisories: 6
  Ubuntu: SQLite vulnerabilities (2019-06-19)
  Ubuntu: SQLite vulnerabilities (2019-06-19)
  Apple: CVE-2016-6153: iTunes 12.6 for Windows (2017-03-21)
  Apple: CVE-2016-6153: iTunes 12.6 (2017-03-21)
  Red Hat: sqlite: Tempdir selection vulnerability (2016-07-01)
Community: 6
  Bugzilla: CVE-2016-6153 sqlite2: sqlite: Tempdir selection vulnerability [epel-all] (2016-07-04)
  Bugzilla: CVE-2016-6153 mingw-sqlite: sqlite: Tempdir selection vulnerability [epel-7] (2016-07-04)
  Bugzilla: CVE-2016-6153 mingw-sqlite: sqlite: Tempdir selection vulnerability [fedora-all] (2016-07-04)
  Bugzilla: CVE-2016-6153 sqlite2: sqlite: Tempdir selection vulnerability [fedora-all] (2016-07-04)
  Bugzilla: CVE-2016-6153 sqlite: Tempdir selection vulnerability [fedora-all] (2016-07-04)