Information disclosure in mariadb (Alpine package)
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2016-5584 |
| CWE-ID | CWE-200 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
mariadb (Alpine package) Operating systems & Components / Operating system package or component |
| Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Information disclosure
EUVDB-ID: #VU32224
Risk: Low
CVSSv4.0: 2.1 [CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-5584
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to gain access to sensitive information.
Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.
MitigationInstall update from vendor's website.
Vulnerable software versionsmariadb (Alpine package): 5.5.47-r0 - 10.1.18-r0
CPE2.3- cpe:2.3:o:alpine:mariadb_alpine_package:5.5.47-r0:*:*:*:*:alpine_linux:*:3.1
- cpe:2.3:o:alpine:mariadb_alpine_package:5.5.51-r0:*:*:*:*:alpine_linux:*:3.1
- cpe:2.3:o:alpine:mariadb_alpine_package:5.5.53-r0:*:*:*:*:alpine_linux:*:3.2
https://git.alpinelinux.org/aports/commit/?id=66bf57c6b5f7d9abc69cbf312aadb60bf9dbc166
https://git.alpinelinux.org/aports/commit/?id=e99a8188408245488994353100705f3ef6fb0326
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
