7 matches found
GO-2026-5778 Rekor has an OOM Condition due to Unbounded gzip Decompression in Alpine APK Parsing Logic in github.com/sigstore/rekor
Rekor has an OOM Condition due to Unbounded gzip Decompression in Alpine APK Parsing Logic in github.com/sigstore/rekor...
GHSA-47Q9-M4WW-924M Rekor has an OOM Condition due to Unbounded gzip Decompression in Alpine APK Parsing Logic
Description The Package.Unmarshal function in pkg/types/alpine/apk.go decompresses the signature and control gzip members of an APK file into in-memory buffers without bounding the total decompressed size. The existing maxapkmetadatasize check default 1MB is only applied to individual tar entry...
CVE-2026-42574 apko dirFS has a symlink-following path traversal that allows multiple entry points to escape the build root
apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before version 1.2.5, a crafted .apk could install a TypeSymlink tar entry whose target pointed outside the build root, and a subsequent directory-creation or file-write entry in the same o...
Ubuntu: Security Advisory (USN-7360-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
OPENSUSE-SU-2024:12314-1 alpine-2.26-27.1 on GA media
These are all security issues fixed in the alpine-2.26-27.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:10613-1 alpine-2.25-24.1 on GA media
These are all security issues fixed in the alpine-2.25-24.1 package on the GA media of openSUSE Tumbleweed...
MGASA-2021-0014 Updated alpine and c-client packages fix security vulnerability
Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the connection and letting the user decide what they would like to do CVE-2020-14929...