alpine / aports / Issues / #12606

Issue created Apr 14, 2021 by Natanael Copa (@ncopa, Owner). 5 of 5 checklist items completed.

apk-tools: Out-of-bounds read during tar parsing (CVE-2021-30139)

apk performs insufficient sanity checks on tar entries. The code for parsing tar entries in apk assumes that the fields are null-terminated and uses string functions on them without first checking that null terminators are actually present. This will cause an out-of-bounds read when they are not. This code is run before the signature is validated.

Fixed In Version:

2.10.6, 2.12.5

Reference:

apk-tools#10741 (closed)

Affected branches:

  • master (db442e9b)
  • 3.13-stable (ac1b1085)
  • 3.12-stable (66f28b64)
  • 3.11-stable (5988744e)
  • 3.10-stable (86b26945)
Edited Apr 14, 2021 by Natanael Copa
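
The bug class described in this issue, shown as an added example that is not apk-tools code: an unbounded string call on a fixed-width tar header field, next to bounded helpers that never read past the field. The struct layout follows the ustar header format; `name_len_unsafe`, `field_len`, `field_to_cstr` and `parse_octal` are hypothetical names chosen for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Leading fields of a 512-byte ustar header block (layout from the tar
 * format, not from apk-tools). Fields are fixed width; a completely full
 * field has no NUL terminator. */
struct tar_header {
    char name[100], mode[8], uid[8], gid[8], size[12];
    char rest[376];                 /* remaining fields, unused here */
};

/* Unsafe pattern, for contrast only: strlen() runs past name[99] when all
 * 100 bytes of the field are non-NUL. */
size_t name_len_unsafe(const struct tar_header *h) { return strlen(h->name); }

/* Length of a fixed-width field, never looking beyond max bytes. */
size_t field_len(const char *field, size_t max)
{
    const char *nul = memchr(field, '\0', max);
    return nul ? (size_t)(nul - field) : max;
}

/* Copy a field into a NUL-terminated buffer.
 * Returns the length, or -1 if dst is too small. */
int field_to_cstr(const char *field, size_t max, char *dst, size_t dst_len)
{
    size_t n = field_len(field, max);
    if (n + 1 > dst_len) return -1;
    memcpy(dst, field, n);
    dst[n] = '\0';
    return (int)n;
}

/* Parse an octal field using only its declared width.
 * Returns 0 on success, -1 if the field is malformed. */
int parse_octal(const char *field, size_t len, uint64_t *out)
{
    uint64_t v = 0;
    size_t i = 0, start;
    while (i < len && field[i] == ' ') i++;          /* leading padding */
    start = i;
    for (; i < len && field[i] >= '0' && field[i] <= '7'; i++) {
        if (v >> 61) return -1;                      /* would overflow */
        v = (v << 3) | (uint64_t)(field[i] - '0');
    }
    if (i == start) return -1;                       /* no digits at all */
    for (; i < len; i++)                             /* only padding may follow */
        if (field[i] != '\0' && field[i] != ' ') return -1;
    *out = v;
    return 0;
}
```

Building a parser like this with AddressSanitizer and feeding it headers whose fields are completely full is a quick way to confirm that no code path still relies on a terminator.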