os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.
http://lists.opensuse.org/opensuse-updates/2016-08/msg00053.html
http://www.openwall.com/lists/oss-security/2016/07/01/1
http://www.openwall.com/lists/oss-security/2016/07/01/2
http://www.securityfocus.com/bid/91546
http://www.sqlite.org/cgi/src/info/67985761aa93fb61
https://usn.ubuntu.com/4019-1/
https://usn.ubuntu.com/4019-2/
https://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt
Source: MITRE
Published: 2016-09-26
Updated: 2018-10-30
Type: CWE-20
Base Score: 4.6
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 3.9
Severity: MEDIUM
Base Score: 5.9
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Impact Score: 3.4
Exploitability Score: 2.5
Severity: MEDIUM