A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker to cause a denial of service, or achieve code execution by crafting a malicious APKINDEX.tar.gz file.
oryginał ENCVSS Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HAlpinelinux Alpine Linux
OSAlpinelinuxwszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCEDoSMemory
CWE
Powiązane podatności
CVE-2022-22704CRITICAL9.8ten sam produkt
The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root becau...
CVE-2019-5021CRITICAL9.8ten sam produkt
Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. ...
CVE-2018-1000849HIGH8.8ten sam produkt
Alpine Linux version Versions prior to 2.6.10, 2.7.6, and 2.10.1 contains a Other/Unknown vulnerability in apk...
CVE-2017-9671HIGH7.8ten sam produkt
A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker to cause a denial of service,...
CVE-2021-30139HIGH7.5ten sam vendor
In Alpine Linux apk-tools before 2.12.5, the tarball parser allows a buffer overflow and crash.