CVE-2017-9669

A heap overflow in apk Alpine Linux's package manager allows a remote attacker to cause a denial of service, or achieve code execution by crafting a malicious APKINDEX.tar.gz file...

CVE-2017-9669

Affects Alpine Linux’s package manager (apk). CVE-2017-9669 stems from a heap overflow in the tar parsing code (archive.c) triggered by a signed int blob_realloc used to grow the longname buffer. If a large size overflows, is->read may copy more bytes than allocated, causing a heap overflow. M...

Alpine Linux: from vulnerability discovery to code execution a-vulnerability warning-the black bar safety net

One, Foreword Recently I was in the Alpine Linux package Manager found two serious vulnerabilities, exploits, numbered CVE-2017-9669 and CVE-2017-9671。 If you are using Alpine, an attacker may use these two holes in your host to execute malicious code. Alpine Linux is a lightweight Linux...

Alpine Linux: From vulnerability discovery to code execution

I’ve recently uncovered two critical vulnerabilities in Alpine Linux’s package manager, assigned CVE-2017-9669 and CVE-2017-9671. These vulnerabilities could potentially lead to an attacker executing malicious code on your machines, if you are using Alpine knowingly or implicitly. Alpine Linux is...