888 matches found
CVE-2017-9669
A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker to cause a denial of service, or achieve code execution, by crafting a malicious APKINDEX.tar.gz file...
ALPINE-CVE-2017-9671
A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker to cause a denial of service, or achieve code execution, by crafting a malicious APKINDEX.tar.gz file with a bad pax header block...
CVE-2017-9671
A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker to cause a denial of service, or achieve code execution, by crafting a malicious APKINDEX.tar.gz file with a bad pax header block...
ALPINE-CVE-2017-9669
A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker to cause a denial of service, or achieve code execution, by crafting a malicious APKINDEX.tar.gz file...
CVE-2017-9669
Affects Alpine Linux’s package manager (apk). CVE-2017-9669 stems from a heap overflow in the tar parsing code (archive.c) triggered by a signed int blob_realloc used to grow the longname buffer. If a large size overflows, is->read may copy more bytes than allocated, causing a heap overflow. M...
CVE-2017-9671
CVE-2017-9671, reported for Alpine Linux apk, describes a heap overflow in the tar parsing path (archive.c/apk_parse_tar) triggered by a signed int parameter in blob_realloc. The code reallocates a buffer based on newsize (int) while the buffer length is long, allowing large sizes to wrap to neg...
Alpine Linux's package manager buffer overflow vulnerability
Alpine Linux's package manager apk is a package management tool for Linux. The tool is used to install, upgrade or remove software on a running system. A heap buffer overflow vulnerability exists in Alpine Linux's package manager. A remote attacker can exploit this vulnerability by creating a...
Alpine Linux's package manager buffer error vulnerability
Alpine Linux's package manager apk is a package management tool for Linux. The tool is used to install, upgrade or remove software on a running system. A heap buffer overflow vulnerability exists in Alpine Linux's package manager. A remote attacker can exploit this vulnerability by creating a...
Alpine Linux: from vulnerability discovery to code execution - vulnerability warning - the black bar safety net
I. Foreword. Recently I found two serious vulnerabilities in the Alpine Linux package manager, numbered CVE-2017-9669 and CVE-2017-9671. If you are using Alpine, an attacker may use these two vulnerabilities to execute malicious code on your host. Alpine Linux is a lightweight Linux...
Alpine Linux: From vulnerability discovery to code execution
I’ve recently uncovered two critical vulnerabilities in Alpine Linux’s package manager, assigned CVE-2017-9669 and CVE-2017-9671. These vulnerabilities could potentially lead to an attacker executing malicious code on your machines, if you are using Alpine knowingly or implicitly. Alpine Linux is...
ALPINE-CVE-2017-9023
The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of service (infinite loop) via a crafted certificate...
ALPINE-CVE-2017-1000368
Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution...
ALPINE-CVE-2017-8386
git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with...
ALPINE-CVE-2016-9841
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic...
ALPINE-CVE-2016-9840
inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic...
ALPINE-CVE-2016-7971
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...
WordPress Alpine PhotoTile For Instagram 1.2.7.7 XSS
Cross-Site Scripting in Alpine PhotoTile for Instagram WordPress Plugin. Antonis Manaras, July 2016...