Main Vulnerability Database Vulnerabilities #VU33345

Resource management error in phpMyAdmin - CVE-2016-6632

Published: December 11, 2016 / Updated: August 4, 2020

Vulnerability identifier: #VU33345

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2016-6632

CWE-ID: CWE-399

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: phpMyAdmin

Affected software:
phpMyAdmin

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

An issue was discovered in phpMyAdmin where, under certain conditions, phpMyAdmin may not delete temporary files during the import of ESRI files. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

How to mitigate CVE-2016-6632

Install update from vendor's website.

Sources

http://www.securityfocus.com/bid/92497
https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html
https://security.gentoo.org/glsa/201701-32
https://www.phpmyadmin.net/security/PMASA-2016-55

Resource management error in phpMyAdmin - CVE-2016-6632

Detailed vulnerability description

How to mitigate CVE-2016-6632

Sources

Please verify you're human