A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker to cause a denial of service, or achieve code execution, by crafting a malicious APKINDEX.tar.gz file with a bad pax header block.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2017/06/25/2 | Exploit Mailing List Third Party Advisory |
http://www.securityfocus.com/bid/99340 | Third Party Advisory VDB Entry |
https://www.twistlock.com/2017/06/25/alpine-linux-vulnerability-discovery-code-execution-pt-1-2/ | Exploit Third Party Advisory |
Configurations
History
No history.
Information
Published : 2017-07-17 21:29
Updated : 2024-02-04 19:29
NVD link : CVE-2017-9671
Mitre link : CVE-2017-9671
CVE.ORG link : CVE-2017-9671
JSON object : View
Products Affected
alpinelinux
- alpine_linux
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer