Alpine Linux version Versions prior to 2.6.10, 2.7.6, and 2.10.1 contains a Other/Unknown vulnerability in apk-tools (Alpine Linux' package manager) that can result in Remote Code Execution. This attack appear to be exploitable via A specially crafted APK-file can cause apk to write arbitrary data to an attacker-specified file, due to bugs in handling long link target name and the way a regular file is extracted.. This vulnerability appears to have been fixed in 2.6.10, 2.7.6, and 2.10.1.
oryginał ENCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HAlpinelinux Alpine Linux
OSAlpinelinux< 2.6.102.7.0 – 2.7.6 (bez)2.7.7 – 2.10.1 (bez)
Powiązane podatności
The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root becau...
Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. ...
A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker to cause a denial of service,...
A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker to cause a denial of service,...
In Alpine Linux apk-tools before 2.12.5, the tarball parser allows a buffer overflow and crash.