In Alpine Linux apk-tools before 2.12.5, the tarball parser allows a buffer overflow and crash.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HAlpinelinux Apk Tools
OSAlpinelinux< 2.10.62.12.0 – 2.12.5 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Memory
CWE
Powiązane podatności
CVE-2022-22704CRITICAL9.8ten sam vendor
The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root becau...
CVE-2019-5021CRITICAL9.8ten sam vendor
Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. ...
CVE-2018-1000849HIGH8.8ten sam vendor
Alpine Linux version Versions prior to 2.6.10, 2.7.6, and 2.10.1 contains a Other/Unknown vulnerability in apk...
CVE-2017-9671HIGH7.8ten sam vendor
A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker to cause a denial of service,...
CVE-2017-9669HIGH7.8ten sam vendor
A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker to cause a denial of service,...