Search criteria
9 vulnerabilities found for alpine_linux by alpinelinux
FKIE_CVE-2018-1000849
Vulnerability from fkie_nvd - Published: 2018-12-20 15:29 - Updated: 2024-11-21 03:40
Severity ?
Summary
Alpine Linux version Versions prior to 2.6.10, 2.7.6, and 2.10.1 contains a Other/Unknown vulnerability in apk-tools (Alpine Linux' package manager) that can result in Remote Code Execution. This attack appear to be exploitable via A specially crafted APK-file can cause apk to write arbitrary data to an attacker-specified file, due to bugs in handling long link target name and the way a regular file is extracted.. This vulnerability appears to have been fixed in 2.6.10, 2.7.6, and 2.10.1.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://alpinelinux.org/posts/Alpine-3.8.1-released.html | Vendor Advisory | |
| cve@mitre.org | https://git.alpinelinux.org/cgit/apk-tools/commit/?id=6484ed9849f03971eb48ee1fdc21a2f128247eb1 | Patch, Vendor Advisory | |
| cve@mitre.org | https://justi.cz/security/2018/09/13/alpine-apk-rce.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://alpinelinux.org/posts/Alpine-3.8.1-released.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://git.alpinelinux.org/cgit/apk-tools/commit/?id=6484ed9849f03971eb48ee1fdc21a2f128247eb1 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://justi.cz/security/2018/09/13/alpine-apk-rce.html | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| alpinelinux | alpine_linux | * | |
| alpinelinux | alpine_linux | * | |
| alpinelinux | alpine_linux | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:alpinelinux:alpine_linux:*:*:*:*:*:*:*:*",
"matchCriteriaId": "81A95F39-06AF-400D-AEA2-A290A4EEFF85",
"versionEndExcluding": "2.6.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:alpinelinux:alpine_linux:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1ED0AD4B-6C38-441A-9FA5-2A65267AD0F0",
"versionEndExcluding": "2.7.6",
"versionStartIncluding": "2.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:alpinelinux:alpine_linux:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8FF27524-3004-43AE-8BE4-06AC56E28247",
"versionEndExcluding": "2.10.1",
"versionStartIncluding": "2.7.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Alpine Linux version Versions prior to 2.6.10, 2.7.6, and 2.10.1 contains a Other/Unknown vulnerability in apk-tools (Alpine Linux\u0027 package manager) that can result in Remote Code Execution. This attack appear to be exploitable via A specially crafted APK-file can cause apk to write arbitrary data to an attacker-specified file, due to bugs in handling long link target name and the way a regular file is extracted.. This vulnerability appears to have been fixed in 2.6.10, 2.7.6, and 2.10.1."
},
{
"lang": "es",
"value": "Alpine Linux, en versiones anteriores a la 2.6.10, 2.7.6 y 2.10.1, contiene una vulnerabilidad desconocida en apk-tools (el gestor de paquetes de Alpine Linux) que puede resultar en la ejecuci\u00f3n remota de c\u00f3digo. Este ataque parece ser explotable mediante un archivo APK especialmente manipulado, que puede provocar que la apk escriba datos arbitrarios en un archivo especificado por el atacante, debido a errores en el manejo de un nombre largo objetivo y la forma en la que se extrae un archivo normal. La vulnerabilidad parece haber sido solucionada en las versiones 2.6.10, 2.7.6 y 2.10.1."
}
],
"id": "CVE-2018-1000849",
"lastModified": "2024-11-21T03:40:29.457",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-20T15:29:02.347",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://alpinelinux.org/posts/Alpine-3.8.1-released.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://git.alpinelinux.org/cgit/apk-tools/commit/?id=6484ed9849f03971eb48ee1fdc21a2f128247eb1"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://justi.cz/security/2018/09/13/alpine-apk-rce.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://alpinelinux.org/posts/Alpine-3.8.1-released.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://git.alpinelinux.org/cgit/apk-tools/commit/?id=6484ed9849f03971eb48ee1fdc21a2f128247eb1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://justi.cz/security/2018/09/13/alpine-apk-rce.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-9669
Vulnerability from fkie_nvd - Published: 2017-07-17 21:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker to cause a denial of service, or achieve code execution by crafting a malicious APKINDEX.tar.gz file.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2017/06/25/2 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/99340 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.twistlock.com/2017/06/25/alpine-linux-vulnerability-discovery-code-execution-pt-1-2/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2017/06/25/2 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99340 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.twistlock.com/2017/06/25/alpine-linux-vulnerability-discovery-code-execution-pt-1-2/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| alpinelinux | alpine_linux | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:alpinelinux:alpine_linux:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8EBEEBA1-DEC3-4AD1-A1C5-53A2AED36EB2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A heap overflow in apk (Alpine Linux\u0027s package manager) allows a remote attacker to cause a denial of service, or achieve code execution by crafting a malicious APKINDEX.tar.gz file."
},
{
"lang": "es",
"value": "Un heap overflow en la apk (Paquete de gesti\u00f3n de Linux Alpine) permite a un atacante remoto causar una denegaci\u00f3n de servicio, o conseguir la ejecuci\u00f3n de c\u00f3digo, mediante la manipulaci\u00f3n del archivo malicioso APKINDEX.tar.gz"
}
],
"id": "CVE-2017-9669",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-17T21:29:00.730",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/06/25/2"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99340"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.twistlock.com/2017/06/25/alpine-linux-vulnerability-discovery-code-execution-pt-1-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/06/25/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99340"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.twistlock.com/2017/06/25/alpine-linux-vulnerability-discovery-code-execution-pt-1-2/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-9671
Vulnerability from fkie_nvd - Published: 2017-07-17 21:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker to cause a denial of service, or achieve code execution, by crafting a malicious APKINDEX.tar.gz file with a bad pax header block.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2017/06/25/2 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/99340 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.twistlock.com/2017/06/25/alpine-linux-vulnerability-discovery-code-execution-pt-1-2/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2017/06/25/2 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99340 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.twistlock.com/2017/06/25/alpine-linux-vulnerability-discovery-code-execution-pt-1-2/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| alpinelinux | alpine_linux | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:alpinelinux:alpine_linux:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8EBEEBA1-DEC3-4AD1-A1C5-53A2AED36EB2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A heap overflow in apk (Alpine Linux\u0027s package manager) allows a remote attacker to cause a denial of service, or achieve code execution, by crafting a malicious APKINDEX.tar.gz file with a bad pax header block."
},
{
"lang": "es",
"value": "Un heap overflow en la apk (Paquete de gesti\u00f3n de Linux Alpine) permite a un atacante remoto causar una denegaci\u00f3n de servicio, o conseguir la ejecuci\u00f3n de c\u00f3digo, mediante la manipulaci\u00f3n del archivo malicioso APKINDEX.tar.gz con un mal bloque en cabecera pax."
}
],
"id": "CVE-2017-9671",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-17T21:29:00.777",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/06/25/2"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99340"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.twistlock.com/2017/06/25/alpine-linux-vulnerability-discovery-code-execution-pt-1-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/06/25/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99340"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.twistlock.com/2017/06/25/alpine-linux-vulnerability-discovery-code-execution-pt-1-2/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2018-1000849 (GCVE-0-2018-1000849)
Vulnerability from cvelistv5 – Published: 2018-12-20 15:00 – Updated: 2024-09-17 03:43
VLAI?
Summary
Alpine Linux version Versions prior to 2.6.10, 2.7.6, and 2.10.1 contains a Other/Unknown vulnerability in apk-tools (Alpine Linux' package manager) that can result in Remote Code Execution. This attack appear to be exploitable via A specially crafted APK-file can cause apk to write arbitrary data to an attacker-specified file, due to bugs in handling long link target name and the way a regular file is extracted.. This vulnerability appears to have been fixed in 2.6.10, 2.7.6, and 2.10.1.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:47:57.484Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://justi.cz/security/2018/09/13/alpine-apk-rce.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://alpinelinux.org/posts/Alpine-3.8.1-released.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.alpinelinux.org/cgit/apk-tools/commit/?id=6484ed9849f03971eb48ee1fdc21a2f128247eb1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2018-11-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Alpine Linux version Versions prior to 2.6.10, 2.7.6, and 2.10.1 contains a Other/Unknown vulnerability in apk-tools (Alpine Linux\u0027 package manager) that can result in Remote Code Execution. This attack appear to be exploitable via A specially crafted APK-file can cause apk to write arbitrary data to an attacker-specified file, due to bugs in handling long link target name and the way a regular file is extracted.. This vulnerability appears to have been fixed in 2.6.10, 2.7.6, and 2.10.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-20T15:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://justi.cz/security/2018/09/13/alpine-apk-rce.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://alpinelinux.org/posts/Alpine-3.8.1-released.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.alpinelinux.org/cgit/apk-tools/commit/?id=6484ed9849f03971eb48ee1fdc21a2f128247eb1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-11-27T13:54:33.487947",
"DATE_REQUESTED": "2018-11-21T15:16:04",
"ID": "CVE-2018-1000849",
"REQUESTER": "d@duniel.no",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Alpine Linux version Versions prior to 2.6.10, 2.7.6, and 2.10.1 contains a Other/Unknown vulnerability in apk-tools (Alpine Linux\u0027 package manager) that can result in Remote Code Execution. This attack appear to be exploitable via A specially crafted APK-file can cause apk to write arbitrary data to an attacker-specified file, due to bugs in handling long link target name and the way a regular file is extracted.. This vulnerability appears to have been fixed in 2.6.10, 2.7.6, and 2.10.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://justi.cz/security/2018/09/13/alpine-apk-rce.html",
"refsource": "MISC",
"url": "https://justi.cz/security/2018/09/13/alpine-apk-rce.html"
},
{
"name": "https://alpinelinux.org/posts/Alpine-3.8.1-released.html",
"refsource": "MISC",
"url": "https://alpinelinux.org/posts/Alpine-3.8.1-released.html"
},
{
"name": "https://git.alpinelinux.org/cgit/apk-tools/commit/?id=6484ed9849f03971eb48ee1fdc21a2f128247eb1",
"refsource": "MISC",
"url": "https://git.alpinelinux.org/cgit/apk-tools/commit/?id=6484ed9849f03971eb48ee1fdc21a2f128247eb1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1000849",
"datePublished": "2018-12-20T15:00:00Z",
"dateReserved": "2018-12-20T00:00:00Z",
"dateUpdated": "2024-09-17T03:43:56.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9671 (GCVE-0-2017-9671)
Vulnerability from cvelistv5 – Published: 2017-07-17 21:00 – Updated: 2024-08-05 17:18
VLAI?
Summary
A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker to cause a denial of service, or achieve code execution, by crafting a malicious APKINDEX.tar.gz file with a bad pax header block.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:18:00.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20170625 CVE-2017-9669 and CVE-2017-9671: Exploitable buffer overflows in apk (Alpine\u0027s package manager)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/06/25/2"
},
{
"name": "99340",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99340"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twistlock.com/2017/06/25/alpine-linux-vulnerability-discovery-code-execution-pt-1-2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A heap overflow in apk (Alpine Linux\u0027s package manager) allows a remote attacker to cause a denial of service, or achieve code execution, by crafting a malicious APKINDEX.tar.gz file with a bad pax header block."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-18T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20170625 CVE-2017-9669 and CVE-2017-9671: Exploitable buffer overflows in apk (Alpine\u0027s package manager)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/06/25/2"
},
{
"name": "99340",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99340"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twistlock.com/2017/06/25/alpine-linux-vulnerability-discovery-code-execution-pt-1-2/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9671",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A heap overflow in apk (Alpine Linux\u0027s package manager) allows a remote attacker to cause a denial of service, or achieve code execution, by crafting a malicious APKINDEX.tar.gz file with a bad pax header block."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20170625 CVE-2017-9669 and CVE-2017-9671: Exploitable buffer overflows in apk (Alpine\u0027s package manager)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/06/25/2"
},
{
"name": "99340",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99340"
},
{
"name": "https://www.twistlock.com/2017/06/25/alpine-linux-vulnerability-discovery-code-execution-pt-1-2/",
"refsource": "MISC",
"url": "https://www.twistlock.com/2017/06/25/alpine-linux-vulnerability-discovery-code-execution-pt-1-2/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9671",
"datePublished": "2017-07-17T21:00:00",
"dateReserved": "2017-06-15T00:00:00",
"dateUpdated": "2024-08-05T17:18:00.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9669 (GCVE-0-2017-9669)
Vulnerability from cvelistv5 – Published: 2017-07-17 21:00 – Updated: 2024-08-05 17:18
VLAI?
Summary
A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker to cause a denial of service, or achieve code execution by crafting a malicious APKINDEX.tar.gz file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:18:01.050Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20170625 CVE-2017-9669 and CVE-2017-9671: Exploitable buffer overflows in apk (Alpine\u0027s package manager)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/06/25/2"
},
{
"name": "99340",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99340"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twistlock.com/2017/06/25/alpine-linux-vulnerability-discovery-code-execution-pt-1-2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A heap overflow in apk (Alpine Linux\u0027s package manager) allows a remote attacker to cause a denial of service, or achieve code execution by crafting a malicious APKINDEX.tar.gz file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-18T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20170625 CVE-2017-9669 and CVE-2017-9671: Exploitable buffer overflows in apk (Alpine\u0027s package manager)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/06/25/2"
},
{
"name": "99340",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99340"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twistlock.com/2017/06/25/alpine-linux-vulnerability-discovery-code-execution-pt-1-2/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9669",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A heap overflow in apk (Alpine Linux\u0027s package manager) allows a remote attacker to cause a denial of service, or achieve code execution by crafting a malicious APKINDEX.tar.gz file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20170625 CVE-2017-9669 and CVE-2017-9671: Exploitable buffer overflows in apk (Alpine\u0027s package manager)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/06/25/2"
},
{
"name": "99340",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99340"
},
{
"name": "https://www.twistlock.com/2017/06/25/alpine-linux-vulnerability-discovery-code-execution-pt-1-2/",
"refsource": "MISC",
"url": "https://www.twistlock.com/2017/06/25/alpine-linux-vulnerability-discovery-code-execution-pt-1-2/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9669",
"datePublished": "2017-07-17T21:00:00",
"dateReserved": "2017-06-15T00:00:00",
"dateUpdated": "2024-08-05T17:18:01.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1000849 (GCVE-0-2018-1000849)
Vulnerability from nvd – Published: 2018-12-20 15:00 – Updated: 2024-09-17 03:43
VLAI?
Summary
Alpine Linux version Versions prior to 2.6.10, 2.7.6, and 2.10.1 contains a Other/Unknown vulnerability in apk-tools (Alpine Linux' package manager) that can result in Remote Code Execution. This attack appear to be exploitable via A specially crafted APK-file can cause apk to write arbitrary data to an attacker-specified file, due to bugs in handling long link target name and the way a regular file is extracted.. This vulnerability appears to have been fixed in 2.6.10, 2.7.6, and 2.10.1.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:47:57.484Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://justi.cz/security/2018/09/13/alpine-apk-rce.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://alpinelinux.org/posts/Alpine-3.8.1-released.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.alpinelinux.org/cgit/apk-tools/commit/?id=6484ed9849f03971eb48ee1fdc21a2f128247eb1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2018-11-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Alpine Linux version Versions prior to 2.6.10, 2.7.6, and 2.10.1 contains a Other/Unknown vulnerability in apk-tools (Alpine Linux\u0027 package manager) that can result in Remote Code Execution. This attack appear to be exploitable via A specially crafted APK-file can cause apk to write arbitrary data to an attacker-specified file, due to bugs in handling long link target name and the way a regular file is extracted.. This vulnerability appears to have been fixed in 2.6.10, 2.7.6, and 2.10.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-20T15:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://justi.cz/security/2018/09/13/alpine-apk-rce.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://alpinelinux.org/posts/Alpine-3.8.1-released.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.alpinelinux.org/cgit/apk-tools/commit/?id=6484ed9849f03971eb48ee1fdc21a2f128247eb1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-11-27T13:54:33.487947",
"DATE_REQUESTED": "2018-11-21T15:16:04",
"ID": "CVE-2018-1000849",
"REQUESTER": "d@duniel.no",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Alpine Linux version Versions prior to 2.6.10, 2.7.6, and 2.10.1 contains a Other/Unknown vulnerability in apk-tools (Alpine Linux\u0027 package manager) that can result in Remote Code Execution. This attack appear to be exploitable via A specially crafted APK-file can cause apk to write arbitrary data to an attacker-specified file, due to bugs in handling long link target name and the way a regular file is extracted.. This vulnerability appears to have been fixed in 2.6.10, 2.7.6, and 2.10.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://justi.cz/security/2018/09/13/alpine-apk-rce.html",
"refsource": "MISC",
"url": "https://justi.cz/security/2018/09/13/alpine-apk-rce.html"
},
{
"name": "https://alpinelinux.org/posts/Alpine-3.8.1-released.html",
"refsource": "MISC",
"url": "https://alpinelinux.org/posts/Alpine-3.8.1-released.html"
},
{
"name": "https://git.alpinelinux.org/cgit/apk-tools/commit/?id=6484ed9849f03971eb48ee1fdc21a2f128247eb1",
"refsource": "MISC",
"url": "https://git.alpinelinux.org/cgit/apk-tools/commit/?id=6484ed9849f03971eb48ee1fdc21a2f128247eb1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1000849",
"datePublished": "2018-12-20T15:00:00Z",
"dateReserved": "2018-12-20T00:00:00Z",
"dateUpdated": "2024-09-17T03:43:56.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9671 (GCVE-0-2017-9671)
Vulnerability from nvd – Published: 2017-07-17 21:00 – Updated: 2024-08-05 17:18
VLAI?
Summary
A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker to cause a denial of service, or achieve code execution, by crafting a malicious APKINDEX.tar.gz file with a bad pax header block.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:18:00.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20170625 CVE-2017-9669 and CVE-2017-9671: Exploitable buffer overflows in apk (Alpine\u0027s package manager)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/06/25/2"
},
{
"name": "99340",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99340"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twistlock.com/2017/06/25/alpine-linux-vulnerability-discovery-code-execution-pt-1-2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A heap overflow in apk (Alpine Linux\u0027s package manager) allows a remote attacker to cause a denial of service, or achieve code execution, by crafting a malicious APKINDEX.tar.gz file with a bad pax header block."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-18T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20170625 CVE-2017-9669 and CVE-2017-9671: Exploitable buffer overflows in apk (Alpine\u0027s package manager)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/06/25/2"
},
{
"name": "99340",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99340"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twistlock.com/2017/06/25/alpine-linux-vulnerability-discovery-code-execution-pt-1-2/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9671",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A heap overflow in apk (Alpine Linux\u0027s package manager) allows a remote attacker to cause a denial of service, or achieve code execution, by crafting a malicious APKINDEX.tar.gz file with a bad pax header block."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20170625 CVE-2017-9669 and CVE-2017-9671: Exploitable buffer overflows in apk (Alpine\u0027s package manager)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/06/25/2"
},
{
"name": "99340",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99340"
},
{
"name": "https://www.twistlock.com/2017/06/25/alpine-linux-vulnerability-discovery-code-execution-pt-1-2/",
"refsource": "MISC",
"url": "https://www.twistlock.com/2017/06/25/alpine-linux-vulnerability-discovery-code-execution-pt-1-2/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9671",
"datePublished": "2017-07-17T21:00:00",
"dateReserved": "2017-06-15T00:00:00",
"dateUpdated": "2024-08-05T17:18:00.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9669 (GCVE-0-2017-9669)
Vulnerability from nvd – Published: 2017-07-17 21:00 – Updated: 2024-08-05 17:18
VLAI?
Summary
A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker to cause a denial of service, or achieve code execution by crafting a malicious APKINDEX.tar.gz file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:18:01.050Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20170625 CVE-2017-9669 and CVE-2017-9671: Exploitable buffer overflows in apk (Alpine\u0027s package manager)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/06/25/2"
},
{
"name": "99340",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99340"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twistlock.com/2017/06/25/alpine-linux-vulnerability-discovery-code-execution-pt-1-2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A heap overflow in apk (Alpine Linux\u0027s package manager) allows a remote attacker to cause a denial of service, or achieve code execution by crafting a malicious APKINDEX.tar.gz file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-18T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20170625 CVE-2017-9669 and CVE-2017-9671: Exploitable buffer overflows in apk (Alpine\u0027s package manager)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/06/25/2"
},
{
"name": "99340",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99340"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twistlock.com/2017/06/25/alpine-linux-vulnerability-discovery-code-execution-pt-1-2/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9669",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A heap overflow in apk (Alpine Linux\u0027s package manager) allows a remote attacker to cause a denial of service, or achieve code execution by crafting a malicious APKINDEX.tar.gz file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20170625 CVE-2017-9669 and CVE-2017-9671: Exploitable buffer overflows in apk (Alpine\u0027s package manager)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/06/25/2"
},
{
"name": "99340",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99340"
},
{
"name": "https://www.twistlock.com/2017/06/25/alpine-linux-vulnerability-discovery-code-execution-pt-1-2/",
"refsource": "MISC",
"url": "https://www.twistlock.com/2017/06/25/alpine-linux-vulnerability-discovery-code-execution-pt-1-2/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9669",
"datePublished": "2017-07-17T21:00:00",
"dateReserved": "2017-06-15T00:00:00",
"dateUpdated": "2024-08-05T17:18:01.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}