alpine/aports, issue #12606
Closed
Open
Issue created Apr 14, 2021 by Natanael Copa (@ncopa, Owner). 5 of 5 checklist items completed.

apk-tools: Out-of-bounds read during tar parsing (CVE-2021-30139)

apk performs insufficient sanity checks on tar entries. The code for parsing tar entries in apk assumes that the fields are null-terminated and uses string functions on them without first checking whether null terminators are actually present. This causes an out-of-bounds read when they are not. This code is run before the signature is validated.

Fixed In Version:

2.10.6, 2.12.5

Reference:

apk-tools#10741 (closed)

Affected branches:

  • master (db442e9b)
  • 3.13-stable (ac1b1085)
  • 3.12-stable (66f28b64)
  • 3.11-stable (5988744e)
  • 3.10-stable (86b26945)
Edited Apr 14, 2021 by Natanael Copa
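
The failure mode described in this issue, as an added example (not apk-tools code and not its actual fix): bounded handling of fixed-width ustar header fields that may lack a NUL terminator. The header struct subset and the helper names `field_to_cstr`, `parse_octal` and `demo_unterminated` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* ustar header block (512 bytes); only the fields used below are named. */
struct tar_header {
    char name[100], mode[8], uid[8], gid[8], size[12], rest[376];
};

/* Unsafe pattern, for contrast: strlen(h->name) reads past the field if it has no NUL. */

/* Copy a fixed-width field into dst, NUL-terminated. Returns its length, or -1 if dst is too small. */
int field_to_cstr(const char *f, size_t flen, char *dst, size_t dlen)
{
    const char *nul = memchr(f, '\0', flen);   /* search is bounded by flen */
    size_t n = nul ? (size_t)(nul - f) : flen;
    if (n >= dlen) return -1;
    memcpy(dst, f, n);
    dst[n] = '\0';
    return (int)n;
}

/* Parse an octal field without reading beyond flen. 0 on success, -1 if malformed. */
int parse_octal(const char *f, size_t flen, uint64_t *out)
{
    uint64_t v = 0;
    size_t i = 0, digits = 0;
    while (i < flen && f[i] == ' ') i++;                 /* leading padding */
    for (; i < flen && f[i] >= '0' && f[i] <= '7'; i++, digits++) {
        if (v >> 61) return -1;                          /* next shift would overflow */
        v = (v << 3) | (uint64_t)(f[i] - '0');
    }
    for (; i < flen; i++)                                /* only padding may follow */
        if (f[i] != '\0' && f[i] != ' ') return -1;
    if (digits == 0) return -1;
    *out = v;
    return 0;
}

/* Constructed sample: every header byte is 'A', so no field has a terminator. */
int demo_unterminated(void)
{
    struct tar_header h;
    char name[sizeof h.name + 1];
    uint64_t size;
    memset(&h, 'A', sizeof h);
    return field_to_cstr(h.name, sizeof h.name, name, sizeof name) == 100 &&
           parse_octal(h.size, sizeof h.size, &size) == -1;
}
```

Because both helpers take the field width explicitly, a header with no terminators yields a full-width name and a rejected size field instead of a read beyond the 512-byte block.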