Information disclosure in postgresql (Alpine package)
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2017-7484 |
| CWE-ID | CWE-200 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
postgresql (Alpine package) Operating systems & Components / Operating system package or component |
| Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Information disclosure
EUVDB-ID: #VU6892
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-7484
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to obtain potentially sensitive information on the target system.
The weakness exists due to improper privilege checking before providing information from pg_statistic. A remote attacker can send a specially crafted request to bypass SELECT privilege checks, cause memory leak and steal some information from ostensibly restricted tables.
Successful exploitation of the vulnerability results in information disclosure.
Install update from vendor's website.
Vulnerable software versionspostgresql (Alpine package): 9.4.6-r0 - 9.4.11-r0
CPE2.3- cpe:2.3:a:alpine:postgresql_alpine_package:9.4.6-r0:*:*:*:*:alpine_linux:*:3.3
- cpe:2.3:a:alpine:postgresql_alpine_package:9.4.9-r0:*:*:*:*:alpine_linux:*:3.3
- cpe:2.3:a:alpine:postgresql_alpine_package:9.4.11-r0:*:*:*:*:alpine_linux:*:3.2
https://git.alpinelinux.org/aports/commit/?id=5600c80ab97b0bed725ec1c24f981a765e54593b
https://git.alpinelinux.org/aports/commit/?id=c2110f5a7667d71596172fb142d3a573bb958c83
https://git.alpinelinux.org/aports/commit/?id=2b95c8929982c3ff86b48ffe921cf9ddff6aeebd
https://git.alpinelinux.org/aports/commit/?id=5f580c412de14f7329bf77293a1c8bbce8a74d48
https://git.alpinelinux.org/aports/commit/?id=9413330e55d1431c18c7df8b66ad98cdc9d278c7
https://git.alpinelinux.org/aports/commit/?id=a1b0125ba4bfed27de55787fb462438f34f6d51f
https://git.alpinelinux.org/aports/commit/?id=65a4706f6e8f861c00b64188cc452941d250cf11
https://git.alpinelinux.org/aports/commit/?id=d0be17ae8d8f3272088069ac60a286ef7749f270
https://git.alpinelinux.org/aports/commit/?id=798e64986d80e885bfca2aa48a03160d000eea9c
https://git.alpinelinux.org/aports/commit/?id=b450bf3980b7ea0d8f05b827cbd9e9db745f1410
https://git.alpinelinux.org/aports/commit/?id=b89a0b6b92fee8e782b4ada572a6fefdb853bb54
https://git.alpinelinux.org/aports/commit/?id=d116ac43af74d2460e4d17ca1a9d175b24467cb8
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
