CVE-2016-6153

CVSS v3.1

5.9

Medium

Vector

AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions SQLite versions prior to 3.13.0

Description The issue is related to insufficient input validation in the os unix.c component of the SQLite database management system. This could allow an attacker to access sensitive information, compromise data integrity, and cause a denial of service. The vulnerability is due to the improper implementation of the temporary directory search algorithm, which might allow local users to obtain sensitive information or cause the application to crash by leveraging the use of the current working directory for temporary files.

Recommendations For versions prior to 3.13.0, update to version 3.13.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the temporary directory to minimize the risk of exploitation. Avoid using the current working directory for temporary files until the issue is resolved.

Fix

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2016-1628

BDU:2023-03806

CVE-2016-6153

DLA-3431-1

DLA-543-1

MGASA-2016-0255

MGASA-2023-0208

SUSE-SU-2016:1945-1

SUSE-SU-2016:2021-1

SUSE-SU-2016_1945-1

SUSE-SU-2016_2021-1

SUSE-SU-2019:0973-1

SUSE-SU-2019_0973-1

SUSE-SU-2021:3215-1

USN-4019-1

USN-4019-2

Affected Products

Alt Linux

Astra Linux

Sqlite

Suse

Ubuntu

Itunes

CVE-2016-6153

Weakness Enumeration

Related Identifiers

Affected Products

References · 154