Main Vulnerability Database SB2019010836

SB2019010836 - Memory leak in phpmyadmin (Alpine package)

Published: January 8, 2019

Security Bulletin ID SB2019010836

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Memory leak (CVE-ID: CVE-2018-19968)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to memory leak. A remote attacker with valid credentials can log in to phpMyAdmin, gain access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has access to leak the contents of a local file.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=7bbc0dad2f8260a50fa078b831a3b1a46024aaac
https://git.alpinelinux.org/aports/commit/?id=70ea79c1c7c3e2187967fb04101d410b1d749390
https://git.alpinelinux.org/aports/commit/?id=327df2ce21328db30da75277c323014af26c0b5c