12 vulnerabilities by alpinelinux
CVE-2021-36158 (GCVE-0-2021-36158)
Vulnerability from cvelistv5 – Published: 2021-07-05 22:36 – Updated: 2024-08-04 00:47
Summary
In the xrdp package (in branches through 3.14) for Alpine Linux, RDP sessions are vulnerable to man-in-the-middle attacks because pre-generated RSA certificates and private keys are used.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://gitlab.alpinelinux.org/alpine/aports/-/is… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:47:43.855Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.alpinelinux.org/alpine/aports/-/issues/12811"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the xrdp package (in branches through 3.14) for Alpine Linux, RDP sessions are vulnerable to man-in-the-middle attacks because pre-generated RSA certificates and private keys are used."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-05T22:36:13.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.alpinelinux.org/alpine/aports/-/issues/12811"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-36158",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the xrdp package (in branches through 3.14) for Alpine Linux, RDP sessions are vulnerable to man-in-the-middle attacks because pre-generated RSA certificates and private keys are used."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.alpinelinux.org/alpine/aports/-/issues/12811",
"refsource": "MISC",
"url": "https://gitlab.alpinelinux.org/alpine/aports/-/issues/12811"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-36158",
"datePublished": "2021-07-05T22:36:13.000Z",
"dateReserved": "2021-07-05T00:00:00.000Z",
"dateUpdated": "2024-08-04T00:47:43.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-30139 (GCVE-0-2021-30139)
Vulnerability from cvelistv5 – Published: 2021-04-21 15:14 – Updated: 2024-08-03 22:24
Summary
In Alpine Linux apk-tools before 2.12.5, the tarball parser allows a buffer overflow and crash.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://gitlab.alpinelinux.org/alpine/apk-tools/-… | x_refsource_MISC |
| https://gitlab.alpinelinux.org/alpine/aports/-/is… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:24:59.750Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10741"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.alpinelinux.org/alpine/aports/-/issues/12606"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Alpine Linux apk-tools before 2.12.5, the tarball parser allows a buffer overflow and crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-21T15:14:55.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10741"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.alpinelinux.org/alpine/aports/-/issues/12606"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-30139",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Alpine Linux apk-tools before 2.12.5, the tarball parser allows a buffer overflow and crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10741",
"refsource": "MISC",
"url": "https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10741"
},
{
"name": "https://gitlab.alpinelinux.org/alpine/aports/-/issues/12606",
"refsource": "MISC",
"url": "https://gitlab.alpinelinux.org/alpine/aports/-/issues/12606"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-30139",
"datePublished": "2021-04-21T15:14:55.000Z",
"dateReserved": "2021-04-05T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:24:59.750Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12875 (GCVE-0-2019-12875)
Vulnerability from cvelistv5 – Published: 2019-06-18 18:09 – Updated: 2024-08-04 23:32
Summary
Alpine Linux abuild through 3.4.0 allows an unprivileged member of the abuild group to add an untrusted package via a --keys-dir option that causes acceptance of an untrusted signing key.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/sroracle/abuild/commit/4f90ce9… | x_refsource_MISC |
| https://code.foxkit.us/adelie/packages/commit/15b… | x_refsource_MISC |
| https://security.netapp.com/advisory/ntap-2019062… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:32:55.508Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sroracle/abuild/commit/4f90ce92778d0ee302e288def75591b96a397c8b"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://code.foxkit.us/adelie/packages/commit/15b160780c6eeff7048063c099a7f8757e1d8391"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190625-0005/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Alpine Linux abuild through 3.4.0 allows an unprivileged member of the abuild group to add an untrusted package via a --keys-dir option that causes acceptance of an untrusted signing key."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-25T09:06:06.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sroracle/abuild/commit/4f90ce92778d0ee302e288def75591b96a397c8b"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://code.foxkit.us/adelie/packages/commit/15b160780c6eeff7048063c099a7f8757e1d8391"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190625-0005/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12875",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Alpine Linux abuild through 3.4.0 allows an unprivileged member of the abuild group to add an untrusted package via a --keys-dir option that causes acceptance of an untrusted signing key."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/sroracle/abuild/commit/4f90ce92778d0ee302e288def75591b96a397c8b",
"refsource": "MISC",
"url": "https://github.com/sroracle/abuild/commit/4f90ce92778d0ee302e288def75591b96a397c8b"
},
{
"name": "https://code.foxkit.us/adelie/packages/commit/15b160780c6eeff7048063c099a7f8757e1d8391",
"refsource": "MISC",
"url": "https://code.foxkit.us/adelie/packages/commit/15b160780c6eeff7048063c099a7f8757e1d8391"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190625-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190625-0005/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12875",
"datePublished": "2019-06-18T18:09:20.000Z",
"dateReserved": "2019-06-18T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:32:55.508Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1000849 (GCVE-0-2018-1000849)
Vulnerability from cvelistv5 – Published: 2018-12-20 15:00 – Updated: 2024-09-17 03:43
Summary
Alpine Linux version Versions prior to 2.6.10, 2.7.6, and 2.10.1 contains a Other/Unknown vulnerability in apk-tools (Alpine Linux' package manager) that can result in Remote Code Execution. This attack appear to be exploitable via A specially crafted APK-file can cause apk to write arbitrary data to an attacker-specified file, due to bugs in handling long link target name and the way a regular file is extracted.. This vulnerability appears to have been fixed in 2.6.10, 2.7.6, and 2.10.1.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://justi.cz/security/2018/09/13/alpine-apk-r… | x_refsource_MISC |
| https://alpinelinux.org/posts/Alpine-3.8.1-releas… | x_refsource_MISC |
| https://git.alpinelinux.org/cgit/apk-tools/commit… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:47:57.484Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://justi.cz/security/2018/09/13/alpine-apk-rce.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://alpinelinux.org/posts/Alpine-3.8.1-released.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.alpinelinux.org/cgit/apk-tools/commit/?id=6484ed9849f03971eb48ee1fdc21a2f128247eb1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2018-11-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Alpine Linux version Versions prior to 2.6.10, 2.7.6, and 2.10.1 contains a Other/Unknown vulnerability in apk-tools (Alpine Linux\u0027 package manager) that can result in Remote Code Execution. This attack appear to be exploitable via A specially crafted APK-file can cause apk to write arbitrary data to an attacker-specified file, due to bugs in handling long link target name and the way a regular file is extracted.. This vulnerability appears to have been fixed in 2.6.10, 2.7.6, and 2.10.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-20T15:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://justi.cz/security/2018/09/13/alpine-apk-rce.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://alpinelinux.org/posts/Alpine-3.8.1-released.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.alpinelinux.org/cgit/apk-tools/commit/?id=6484ed9849f03971eb48ee1fdc21a2f128247eb1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-11-27T13:54:33.487947",
"DATE_REQUESTED": "2018-11-21T15:16:04",
"ID": "CVE-2018-1000849",
"REQUESTER": "d@duniel.no",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Alpine Linux version Versions prior to 2.6.10, 2.7.6, and 2.10.1 contains a Other/Unknown vulnerability in apk-tools (Alpine Linux\u0027 package manager) that can result in Remote Code Execution. This attack appear to be exploitable via A specially crafted APK-file can cause apk to write arbitrary data to an attacker-specified file, due to bugs in handling long link target name and the way a regular file is extracted.. This vulnerability appears to have been fixed in 2.6.10, 2.7.6, and 2.10.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://justi.cz/security/2018/09/13/alpine-apk-rce.html",
"refsource": "MISC",
"url": "https://justi.cz/security/2018/09/13/alpine-apk-rce.html"
},
{
"name": "https://alpinelinux.org/posts/Alpine-3.8.1-released.html",
"refsource": "MISC",
"url": "https://alpinelinux.org/posts/Alpine-3.8.1-released.html"
},
{
"name": "https://git.alpinelinux.org/cgit/apk-tools/commit/?id=6484ed9849f03971eb48ee1fdc21a2f128247eb1",
"refsource": "MISC",
"url": "https://git.alpinelinux.org/cgit/apk-tools/commit/?id=6484ed9849f03971eb48ee1fdc21a2f128247eb1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1000849",
"datePublished": "2018-12-20T15:00:00.000Z",
"dateReserved": "2018-12-20T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:43:56.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9669 (GCVE-0-2017-9669)
Vulnerability from cvelistv5 – Published: 2017-07-17 21:00 – Updated: 2024-08-05 17:18
Summary
A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker to cause a denial of service, or achieve code execution by crafting a malicious APKINDEX.tar.gz file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2017/06/25/2 | mailing-list, x_refsource_MLIST |
| http://www.securityfocus.com/bid/99340 | vdb-entry, x_refsource_BID |
| https://www.twistlock.com/2017/06/25/alpine-linux… | x_refsource_MISC |
Date Public
2017-06-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:18:01.050Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20170625 CVE-2017-9669 and CVE-2017-9671: Exploitable buffer overflows in apk (Alpine\u0027s package manager)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/06/25/2"
},
{
"name": "99340",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99340"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twistlock.com/2017/06/25/alpine-linux-vulnerability-discovery-code-execution-pt-1-2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A heap overflow in apk (Alpine Linux\u0027s package manager) allows a remote attacker to cause a denial of service, or achieve code execution by crafting a malicious APKINDEX.tar.gz file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-18T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20170625 CVE-2017-9669 and CVE-2017-9671: Exploitable buffer overflows in apk (Alpine\u0027s package manager)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/06/25/2"
},
{
"name": "99340",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99340"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twistlock.com/2017/06/25/alpine-linux-vulnerability-discovery-code-execution-pt-1-2/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9669",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A heap overflow in apk (Alpine Linux\u0027s package manager) allows a remote attacker to cause a denial of service, or achieve code execution by crafting a malicious APKINDEX.tar.gz file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20170625 CVE-2017-9669 and CVE-2017-9671: Exploitable buffer overflows in apk (Alpine\u0027s package manager)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/06/25/2"
},
{
"name": "99340",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99340"
},
{
"name": "https://www.twistlock.com/2017/06/25/alpine-linux-vulnerability-discovery-code-execution-pt-1-2/",
"refsource": "MISC",
"url": "https://www.twistlock.com/2017/06/25/alpine-linux-vulnerability-discovery-code-execution-pt-1-2/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9669",
"datePublished": "2017-07-17T21:00:00.000Z",
"dateReserved": "2017-06-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:18:01.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9671 (GCVE-0-2017-9671)
Vulnerability from cvelistv5 – Published: 2017-07-17 21:00 – Updated: 2024-08-05 17:18
Summary
A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker to cause a denial of service, or achieve code execution, by crafting a malicious APKINDEX.tar.gz file with a bad pax header block.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2017/06/25/2 | mailing-list, x_refsource_MLIST |
| http://www.securityfocus.com/bid/99340 | vdb-entry, x_refsource_BID |
| https://www.twistlock.com/2017/06/25/alpine-linux… | x_refsource_MISC |
Date Public
2017-06-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:18:00.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20170625 CVE-2017-9669 and CVE-2017-9671: Exploitable buffer overflows in apk (Alpine\u0027s package manager)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/06/25/2"
},
{
"name": "99340",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99340"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twistlock.com/2017/06/25/alpine-linux-vulnerability-discovery-code-execution-pt-1-2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A heap overflow in apk (Alpine Linux\u0027s package manager) allows a remote attacker to cause a denial of service, or achieve code execution, by crafting a malicious APKINDEX.tar.gz file with a bad pax header block."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-18T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20170625 CVE-2017-9669 and CVE-2017-9671: Exploitable buffer overflows in apk (Alpine\u0027s package manager)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/06/25/2"
},
{
"name": "99340",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99340"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twistlock.com/2017/06/25/alpine-linux-vulnerability-discovery-code-execution-pt-1-2/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9671",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A heap overflow in apk (Alpine Linux\u0027s package manager) allows a remote attacker to cause a denial of service, or achieve code execution, by crafting a malicious APKINDEX.tar.gz file with a bad pax header block."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20170625 CVE-2017-9669 and CVE-2017-9671: Exploitable buffer overflows in apk (Alpine\u0027s package manager)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/06/25/2"
},
{
"name": "99340",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99340"
},
{
"name": "https://www.twistlock.com/2017/06/25/alpine-linux-vulnerability-discovery-code-execution-pt-1-2/",
"refsource": "MISC",
"url": "https://www.twistlock.com/2017/06/25/alpine-linux-vulnerability-discovery-code-execution-pt-1-2/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9671",
"datePublished": "2017-07-17T21:00:00.000Z",
"dateReserved": "2017-06-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:18:00.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36158 (GCVE-0-2021-36158)
Vulnerability from nvd – Published: 2021-07-05 22:36 – Updated: 2024-08-04 00:47
Summary
In the xrdp package (in branches through 3.14) for Alpine Linux, RDP sessions are vulnerable to man-in-the-middle attacks because pre-generated RSA certificates and private keys are used.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://gitlab.alpinelinux.org/alpine/aports/-/is… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:47:43.855Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.alpinelinux.org/alpine/aports/-/issues/12811"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the xrdp package (in branches through 3.14) for Alpine Linux, RDP sessions are vulnerable to man-in-the-middle attacks because pre-generated RSA certificates and private keys are used."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-05T22:36:13.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.alpinelinux.org/alpine/aports/-/issues/12811"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-36158",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the xrdp package (in branches through 3.14) for Alpine Linux, RDP sessions are vulnerable to man-in-the-middle attacks because pre-generated RSA certificates and private keys are used."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.alpinelinux.org/alpine/aports/-/issues/12811",
"refsource": "MISC",
"url": "https://gitlab.alpinelinux.org/alpine/aports/-/issues/12811"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-36158",
"datePublished": "2021-07-05T22:36:13.000Z",
"dateReserved": "2021-07-05T00:00:00.000Z",
"dateUpdated": "2024-08-04T00:47:43.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-30139 (GCVE-0-2021-30139)
Vulnerability from nvd – Published: 2021-04-21 15:14 – Updated: 2024-08-03 22:24
Summary
In Alpine Linux apk-tools before 2.12.5, the tarball parser allows a buffer overflow and crash.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://gitlab.alpinelinux.org/alpine/apk-tools/-… | x_refsource_MISC |
| https://gitlab.alpinelinux.org/alpine/aports/-/is… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:24:59.750Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10741"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.alpinelinux.org/alpine/aports/-/issues/12606"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Alpine Linux apk-tools before 2.12.5, the tarball parser allows a buffer overflow and crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-21T15:14:55.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10741"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.alpinelinux.org/alpine/aports/-/issues/12606"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-30139",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Alpine Linux apk-tools before 2.12.5, the tarball parser allows a buffer overflow and crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10741",
"refsource": "MISC",
"url": "https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10741"
},
{
"name": "https://gitlab.alpinelinux.org/alpine/aports/-/issues/12606",
"refsource": "MISC",
"url": "https://gitlab.alpinelinux.org/alpine/aports/-/issues/12606"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-30139",
"datePublished": "2021-04-21T15:14:55.000Z",
"dateReserved": "2021-04-05T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:24:59.750Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12875 (GCVE-0-2019-12875)
Vulnerability from nvd – Published: 2019-06-18 18:09 – Updated: 2024-08-04 23:32
Summary
Alpine Linux abuild through 3.4.0 allows an unprivileged member of the abuild group to add an untrusted package via a --keys-dir option that causes acceptance of an untrusted signing key.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/sroracle/abuild/commit/4f90ce9… | x_refsource_MISC |
| https://code.foxkit.us/adelie/packages/commit/15b… | x_refsource_MISC |
| https://security.netapp.com/advisory/ntap-2019062… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:32:55.508Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sroracle/abuild/commit/4f90ce92778d0ee302e288def75591b96a397c8b"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://code.foxkit.us/adelie/packages/commit/15b160780c6eeff7048063c099a7f8757e1d8391"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190625-0005/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Alpine Linux abuild through 3.4.0 allows an unprivileged member of the abuild group to add an untrusted package via a --keys-dir option that causes acceptance of an untrusted signing key."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-25T09:06:06.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sroracle/abuild/commit/4f90ce92778d0ee302e288def75591b96a397c8b"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://code.foxkit.us/adelie/packages/commit/15b160780c6eeff7048063c099a7f8757e1d8391"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190625-0005/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12875",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Alpine Linux abuild through 3.4.0 allows an unprivileged member of the abuild group to add an untrusted package via a --keys-dir option that causes acceptance of an untrusted signing key."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/sroracle/abuild/commit/4f90ce92778d0ee302e288def75591b96a397c8b",
"refsource": "MISC",
"url": "https://github.com/sroracle/abuild/commit/4f90ce92778d0ee302e288def75591b96a397c8b"
},
{
"name": "https://code.foxkit.us/adelie/packages/commit/15b160780c6eeff7048063c099a7f8757e1d8391",
"refsource": "MISC",
"url": "https://code.foxkit.us/adelie/packages/commit/15b160780c6eeff7048063c099a7f8757e1d8391"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190625-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190625-0005/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12875",
"datePublished": "2019-06-18T18:09:20.000Z",
"dateReserved": "2019-06-18T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:32:55.508Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1000849 (GCVE-0-2018-1000849)
Vulnerability from nvd – Published: 2018-12-20 15:00 – Updated: 2024-09-17 03:43
VLAI
Summary
Alpine Linux versions prior to 2.6.10, 2.7.6, and 2.10.1 contain an Other/Unknown vulnerability in apk-tools (Alpine Linux's package manager) that can result in remote code execution. This attack appears to be exploitable via a specially crafted APK file, which can cause apk to write arbitrary data to an attacker-specified file due to bugs in handling long link target names and in the way a regular file is extracted. This vulnerability appears to have been fixed in 2.6.10, 2.7.6, and 2.10.1.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://justi.cz/security/2018/09/13/alpine-apk-r… | x_refsource_MISC |
| https://alpinelinux.org/posts/Alpine-3.8.1-releas… | x_refsource_MISC |
| https://git.alpinelinux.org/cgit/apk-tools/commit… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:47:57.484Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://justi.cz/security/2018/09/13/alpine-apk-rce.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://alpinelinux.org/posts/Alpine-3.8.1-released.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.alpinelinux.org/cgit/apk-tools/commit/?id=6484ed9849f03971eb48ee1fdc21a2f128247eb1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2018-11-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Alpine Linux version Versions prior to 2.6.10, 2.7.6, and 2.10.1 contains a Other/Unknown vulnerability in apk-tools (Alpine Linux\u0027 package manager) that can result in Remote Code Execution. This attack appear to be exploitable via A specially crafted APK-file can cause apk to write arbitrary data to an attacker-specified file, due to bugs in handling long link target name and the way a regular file is extracted.. This vulnerability appears to have been fixed in 2.6.10, 2.7.6, and 2.10.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-20T15:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://justi.cz/security/2018/09/13/alpine-apk-rce.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://alpinelinux.org/posts/Alpine-3.8.1-released.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.alpinelinux.org/cgit/apk-tools/commit/?id=6484ed9849f03971eb48ee1fdc21a2f128247eb1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-11-27T13:54:33.487947",
"DATE_REQUESTED": "2018-11-21T15:16:04",
"ID": "CVE-2018-1000849",
"REQUESTER": "d@duniel.no",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Alpine Linux version Versions prior to 2.6.10, 2.7.6, and 2.10.1 contains a Other/Unknown vulnerability in apk-tools (Alpine Linux\u0027 package manager) that can result in Remote Code Execution. This attack appear to be exploitable via A specially crafted APK-file can cause apk to write arbitrary data to an attacker-specified file, due to bugs in handling long link target name and the way a regular file is extracted.. This vulnerability appears to have been fixed in 2.6.10, 2.7.6, and 2.10.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://justi.cz/security/2018/09/13/alpine-apk-rce.html",
"refsource": "MISC",
"url": "https://justi.cz/security/2018/09/13/alpine-apk-rce.html"
},
{
"name": "https://alpinelinux.org/posts/Alpine-3.8.1-released.html",
"refsource": "MISC",
"url": "https://alpinelinux.org/posts/Alpine-3.8.1-released.html"
},
{
"name": "https://git.alpinelinux.org/cgit/apk-tools/commit/?id=6484ed9849f03971eb48ee1fdc21a2f128247eb1",
"refsource": "MISC",
"url": "https://git.alpinelinux.org/cgit/apk-tools/commit/?id=6484ed9849f03971eb48ee1fdc21a2f128247eb1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1000849",
"datePublished": "2018-12-20T15:00:00.000Z",
"dateReserved": "2018-12-20T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:43:56.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9671 (GCVE-0-2017-9671)
Vulnerability from nvd – Published: 2017-07-17 21:00 – Updated: 2024-08-05 17:18
VLAI
Summary
A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker to cause a denial of service, or achieve code execution, by crafting a malicious APKINDEX.tar.gz file with a bad pax header block.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2017/06/25/2 | mailing-list, x_refsource_MLIST |
| http://www.securityfocus.com/bid/99340 | vdb-entry, x_refsource_BID |
| https://www.twistlock.com/2017/06/25/alpine-linux… | x_refsource_MISC |
Date Public
2017-06-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:18:00.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20170625 CVE-2017-9669 and CVE-2017-9671: Exploitable buffer overflows in apk (Alpine\u0027s package manager)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/06/25/2"
},
{
"name": "99340",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99340"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twistlock.com/2017/06/25/alpine-linux-vulnerability-discovery-code-execution-pt-1-2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A heap overflow in apk (Alpine Linux\u0027s package manager) allows a remote attacker to cause a denial of service, or achieve code execution, by crafting a malicious APKINDEX.tar.gz file with a bad pax header block."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-18T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20170625 CVE-2017-9669 and CVE-2017-9671: Exploitable buffer overflows in apk (Alpine\u0027s package manager)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/06/25/2"
},
{
"name": "99340",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99340"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twistlock.com/2017/06/25/alpine-linux-vulnerability-discovery-code-execution-pt-1-2/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9671",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A heap overflow in apk (Alpine Linux\u0027s package manager) allows a remote attacker to cause a denial of service, or achieve code execution, by crafting a malicious APKINDEX.tar.gz file with a bad pax header block."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20170625 CVE-2017-9669 and CVE-2017-9671: Exploitable buffer overflows in apk (Alpine\u0027s package manager)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/06/25/2"
},
{
"name": "99340",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99340"
},
{
"name": "https://www.twistlock.com/2017/06/25/alpine-linux-vulnerability-discovery-code-execution-pt-1-2/",
"refsource": "MISC",
"url": "https://www.twistlock.com/2017/06/25/alpine-linux-vulnerability-discovery-code-execution-pt-1-2/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9671",
"datePublished": "2017-07-17T21:00:00.000Z",
"dateReserved": "2017-06-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:18:00.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9669 (GCVE-0-2017-9669)
Vulnerability from nvd – Published: 2017-07-17 21:00 – Updated: 2024-08-05 17:18
VLAI
Summary
A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker to cause a denial of service, or achieve code execution by crafting a malicious APKINDEX.tar.gz file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2017/06/25/2 | mailing-list, x_refsource_MLIST |
| http://www.securityfocus.com/bid/99340 | vdb-entry, x_refsource_BID |
| https://www.twistlock.com/2017/06/25/alpine-linux… | x_refsource_MISC |
Date Public
2017-06-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:18:01.050Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20170625 CVE-2017-9669 and CVE-2017-9671: Exploitable buffer overflows in apk (Alpine\u0027s package manager)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/06/25/2"
},
{
"name": "99340",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99340"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twistlock.com/2017/06/25/alpine-linux-vulnerability-discovery-code-execution-pt-1-2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A heap overflow in apk (Alpine Linux\u0027s package manager) allows a remote attacker to cause a denial of service, or achieve code execution by crafting a malicious APKINDEX.tar.gz file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-18T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20170625 CVE-2017-9669 and CVE-2017-9671: Exploitable buffer overflows in apk (Alpine\u0027s package manager)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/06/25/2"
},
{
"name": "99340",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99340"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twistlock.com/2017/06/25/alpine-linux-vulnerability-discovery-code-execution-pt-1-2/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9669",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A heap overflow in apk (Alpine Linux\u0027s package manager) allows a remote attacker to cause a denial of service, or achieve code execution by crafting a malicious APKINDEX.tar.gz file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20170625 CVE-2017-9669 and CVE-2017-9671: Exploitable buffer overflows in apk (Alpine\u0027s package manager)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/06/25/2"
},
{
"name": "99340",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99340"
},
{
"name": "https://www.twistlock.com/2017/06/25/alpine-linux-vulnerability-discovery-code-execution-pt-1-2/",
"refsource": "MISC",
"url": "https://www.twistlock.com/2017/06/25/alpine-linux-vulnerability-discovery-code-execution-pt-1-2/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9669",
"datePublished": "2017-07-17T21:00:00.000Z",
"dateReserved": "2017-06-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:18:01.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}