PT-2016-3447 · Sqlite+5 · Sqlite+5

Hank Leininger

Publicado

2016-03-24

Atualizado

2023-06-28

CVE-2016-6153

CVSS v3.1

5.9

Média

Vetor

AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions SQLite versions prior to 3.13.0

Description The issue is related to insufficient input validation in the os unix.c component of the SQLite database management system. This could allow an attacker to access sensitive information, compromise data integrity, and cause a denial of service. The vulnerability is due to the improper implementation of the temporary directory search algorithm, which might allow local users to obtain sensitive information or cause the application to crash by leveraging the use of the current working directory for temporary files.

Recommendations For versions prior to 3.13.0, update to version 3.13.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the temporary directory to minimize the risk of exploitation. Avoid using the current working directory for temporary files until the issue is resolved.

Correção

DoS

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

ALT-PU-2016-1628

BDU:2023-03806

CVE-2016-6153

DLA-3431-1

DLA-543-1

MGASA-2016-0255

MGASA-2023-0208

SUSE-SU-2016:1945-1

SUSE-SU-2016:2021-1

SUSE-SU-2016_1945-1

SUSE-SU-2016_2021-1

SUSE-SU-2019:0973-1

SUSE-SU-2019_0973-1

SUSE-SU-2021:3215-1

USN-4019-1

USN-4019-2

Produtos afetados

Alt Linux

Astra Linux

Sqlite

Suse

Ubuntu

Itunes

PT-2016-3447 · Sqlite+5 · Sqlite+5

CVE-2016-6153

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 154