CVE-2016-6153

Published: 26 September 2016

os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.

Priority

Negligible

CVSS 3 base score: 5.9

Status

Package Release Status
sqlite
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(code not present)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(code not present)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(code not present)
sqlite3
Launchpad, Ubuntu, Debian
Upstream
Released (3.13.0-1)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(3.13.0-1)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (3.11.0-1ubuntu1.2)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (3.8.2-1ubuntu2.2+esm1)
Patches:
Upstream: https://www.sqlite.org/cgi/src/info/67985761aa93fb61
Upstream: https://www.sqlite.org/cgi/src/info/b38fe522cfc971b3
Upstream: https://www.sqlite.org/cgi/src/info/614bb709d34e1148