8 matches found
EUVD-2026-12833
apko affected by unbounded resource consumption in expandapk.Split on attacker-controlled .apk streams...
CVE-2026-25122 apko is vulnerable to unbounded resource consumption in expandapk.Split on attacker-controlled .apk streams
apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.0, expandapk.Split drains the first gzip stream of an APK archive via io.Copyio.Discard, gzi without explicit bounds. With an attacker-controlled input stream, this can force lar...
CVE-2026-25122
CVE-2026-25122 affects chainguard.dev/apko: unbounded resource consumption in expandapk.Split when processing attacker-controlled .apk streams. From 0.14.8 up to (but not including) 1.1.0, the first gzip stream is drained without a maximum uncompressed byte limit, enabling excessive CPU inflation...
CVE-2026-25122 apko is vulnerable to unbounded resource consumption in expandapk.Split on attacker-controlled .apk streams
apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.0, expandapk.Split drains the first gzip stream of an APK archive via io.Copyio.Discard, gzi without explicit bounds. With an attacker-controlled input stream, this can force lar...
apko 资源管理错误漏洞
Apko is an open-source OCI image builder based on APK. In versions 0.14.8 to 1.1.0 of Apko, there was a resource management vulnerability. This vulnerability stemmed from the expandapk.Split function, which did not set clear boundaries when processing APK archives, potentially leading to resource...
apko affected by unbounded resource consumption in expandapk.Split on attacker-controlled .apk streams
expandapk.Split drains the first gzip stream of an APK archive via io.Copyio.Discard, gzi without explicit bounds. With an attacker-controlled input stream, this can force large gzip inflation work and lead to resource exhaustion availability impact. The Split function reads the first tar header,...
GHSA-6P9P-Q6WH-9J89 apko affected by unbounded resource consumption in expandapk.Split on attacker-controlled .apk streams
expandapk.Split drains the first gzip stream of an APK archive via io.Copyio.Discard, gzi without explicit bounds. With an attacker-controlled input stream, this can force large gzip inflation work and lead to resource exhaustion availability impact. The Split function reads the first tar header,...
apko affected by unbounded resource consumption in expandapk.Split on attacker-controlled .apk streams
expandapk.Split drains the first gzip stream of an APK archive via io.Copyio.Discard, gzi without explicit bounds. With an attacker-controlled input stream, this can force large gzip inflation work and lead to resource exhaustion availability impact. The Split function reads the first tar header,...