CVE-2017-9669

Опубликовано: 17 июл. 2017

Источник: nvd

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker to cause a denial of service, or achieve code execution by crafting a malicious APKINDEX.tar.gz file.

Ссылки

http://www.openwall.com/lists/oss-security/2017/06/25/2
Exploit
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/99340
Third Party Advisory
VDB Entry
https://www.twistlock.com/2017/06/25/alpine-linux-vulnerability-discovery-code-execution-pt-1-2/
Exploit
Third Party Advisory
http://www.openwall.com/lists/oss-security/2017/06/25/2
Exploit
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/99340
Third Party Advisory
VDB Entry
https://www.twistlock.com/2017/06/25/alpine-linux-vulnerability-discovery-code-execution-pt-1-2/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:alpinelinux:alpine_linux:-:*:*:*:*:*:*:*

EPSS

Процентиль: 89%

0.04376

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-119

Связанные уязвимости

GHSA-3w55-pwjx-p5m9