CVE-2016-6153 — MEDIUM (5.9)

Q: How severe is CVE-2016-6153?

CVE-2016-6153 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2016-6153?

Check the references section above for vendor advisories and patch information. Affected products include: Sqlite Sqlite, Fedoraproject Fedora, Opensuse Leap.

Vulnerability Description

os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.

CVSS Score

5.9

MEDIUM

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Sqlite	Sqlite	<= 3.12.2
Fedoraproject	Fedora	24
Opensuse	Leap	42.1

Related Weaknesses (CWE)

CWE-20

References

http://lists.opensuse.org/opensuse-updates/2016-08/msg00053.htmlThird Party Advisory
http://www.openwall.com/lists/oss-security/2016/07/01/1PatchThird Party Advisory
http://www.openwall.com/lists/oss-security/2016/07/01/2Third Party Advisory
http://www.securityfocus.com/bid/91546Third Party Advisory
http://www.sqlite.org/cgi/src/info/67985761aa93fb61Vendor Advisory
https://lists.debian.org/debian-lts-announce/2023/05/msg00022.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://usn.ubuntu.com/4019-1/
https://usn.ubuntu.com/4019-2/
https://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txtThird Party Advisory
https://www.sqlite.org/releaselog/3_13_0.htmlRelease Notes
https://www.tenable.com/security/tns-2016-20
http://lists.opensuse.org/opensuse-updates/2016-08/msg00053.htmlThird Party Advisory
http://www.openwall.com/lists/oss-security/2016/07/01/1PatchThird Party Advisory

FAQ

What is CVE-2016-6153?

CVE-2016-6153 is a vulnerability with a CVSS score of 5.9 (MEDIUM). os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application ...

How severe is CVE-2016-6153?

CVE-2016-6153 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-6153?

Check the references section above for vendor advisories and patch information. Affected products include: Sqlite Sqlite, Fedoraproject Fedora, Opensuse Leap.