CVE-2016-6153
published 2016-09-26CVE-2016-6153: os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive…
medium5.9CVSS 3.0
AVLACLPRNUINSUCLILAL
os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | itunes | — | — |
| apple | itunes_12.6_for_windows | — | — |
| debian | sqlite3 | < sqlite3 3.13.0-1 (bookworm) | sqlite3 3.13.0-1 (bookworm) |
| fedoraproject | fedora | — | — |
| ghost | sqlite3 | >= 0 < 3.13.0-1 | 3.13.0-1 |
| ghost | sqlite3 | >= 0 < 3.13.0-1 | 3.13.0-1 |
| ghost | sqlite3 | >= 0 < 3.13.0-1 | 3.13.0-1 |
| ghost | sqlite3 | >= 0 < 3.13.0-1 | 3.13.0-1 |
| ghost | sqlite3 | >= 0 < 3.11.0-1ubuntu1.2 | 3.11.0-1ubuntu1.2 |
| ghost | sqlite3 | >= 0 < 3.22.0-1ubuntu0.1 | 3.22.0-1ubuntu0.1 |
| ghost | sqlite3 | >= 0 < 3.8.2-1ubuntu2.2+esm1 | 3.8.2-1ubuntu2.2+esm1 |
| opensuse | leap | — | — |
| sqlite | sqlite | <= 3.12.2 | — |
CVSS provenance
nvdv3.05.9MEDIUMCVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
osv5.9MEDIUM