apk-tools: Out-of-bounds read during tar parsing (CVE-2021-30139)
ID: oval:org.secpod.oval:def:1801951 | Date: (C)2021-08-02 (M)2021-10-28 |
Class: PATCH | Family: unix |
apk performs insufficient sanity checks on tar entries. The code that parses tar headers in apk assumes that the fixed-width header fields are NUL-terminated and calls C string functions on them without first checking that a terminator is actually present. A field that fills its full width with no NUL byte therefore makes the string function read past the field, causing an out-of-bounds read. This parsing runs before the package signature is validated, so signature checking offers no protection: a crafted package does not need a valid signature to reach the vulnerable code, only to be fed to apk.
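The following is an added example written for this page, not apk-tools' own code, showing the class of bug the advisory describes and the bounded alternative. It assumes the standard POSIX ustar header layout (fixed-width fields with no guaranteed NUL terminator) and a constructed header whose 100-byte name field contains no NUL at all; the function names are illustrative.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Subset of the POSIX ustar header: every field is fixed-width and is NOT
 * guaranteed to end in a NUL byte (a 100-byte name fills name[] completely). */
struct tar_header {
    char name[100];
    char mode[8];
    char uid[8];
    char gid[8];
    char size[12];
    char mtime[12];
    char chksum[8];
    char typeflag;
    char linkname[100];
    char magic[6];
    char version[2];
    char uname[32];
    char gname[32];
    char devmajor[8];
    char devminor[8];
    char prefix[155];
    char pad[12];
};

/* Hardened field length.  The pattern behind the advisory is strlen(h->name):
 * with no NUL inside name[], strlen() keeps reading into the following fields
 * and, for the last field of the last buffered block, past the end of the
 * buffer.  Bounding the search by the field width makes that impossible. */
static size_t field_len(const char *field, size_t width)
{
    const char *nul = memchr(field, '\0', width);
    return nul ? (size_t)(nul - field) : width;
}

/* Copy a field into a caller-supplied buffer of at least width + 1 bytes,
 * always NUL-terminating the result so later code may use it as a C string. */
static void field_copy(char *dst, const char *field, size_t width)
{
    size_t n = field_len(field, width);
    memcpy(dst, field, n);
    dst[n] = '\0';
}

/* Parse an octal numeric field (size, mode, mtime ...) without assuming a
 * terminator; returns -1 on any non-octal byte so malformed headers are
 * rejected rather than silently misread. */
static long long field_octal(const char *field, size_t width)
{
    long long v = 0;
    size_t i;
    for (i = 0; i < width && field[i] != '\0' && field[i] != ' '; i++) {
        if (field[i] < '0' || field[i] > '7')
            return -1;
        v = v * 8 + (field[i] - '0');
    }
    return v;
}

/* Sanity check a header against the bytes actually remaining in the archive:
 * the entry's 512-byte-padded data must fit, or the archive is truncated or
 * crafted.  Returns 0 when it fits, -1 otherwise. */
static int entry_fits(const struct tar_header *h, size_t remaining)
{
    long long size = field_octal(h->size, sizeof h->size);
    if (size < 0)
        return -1;
    unsigned long long padded = ((unsigned long long)size + 511) & ~511ULL;
    return padded <= remaining ? 0 : -1;
}

/* Constructed sample (not taken from a real package): a header whose name
 * field is 100 non-NUL bytes, the exact case unchecked string functions
 * mishandle.  Size field is 01000 octal = 512 bytes. */
static void build_sample_header(struct tar_header *h)
{
    memset(h, 0, sizeof *h);
    memset(h->name, 'A', sizeof h->name);   /* fills the field, no NUL */
    memcpy(h->mode, "0000644", 7);
    memcpy(h->size, "00000001000", 11);
    h->typeflag = '0';
    memcpy(h->magic, "ustar", 5);
}

/* Small wrappers returning the parse results so they can be checked directly. */
static size_t sample_name_len(void)
{
    struct tar_header h;
    build_sample_header(&h);
    return field_len(h.name, sizeof h.name);
}

static long long sample_size(void)
{
    struct tar_header h;
    build_sample_header(&h);
    return field_octal(h.size, sizeof h.size);
}

static int sample_fits(size_t remaining)
{
    struct tar_header h;
    build_sample_header(&h);
    return entry_fits(&h, remaining);
}

int main(void)
{
    struct tar_header h;
    char name[sizeof h.name + 1];
    build_sample_header(&h);
    field_copy(name, h.name, sizeof h.name);
    printf("name (%zu bytes): %.20s...\n", sample_name_len(), name);
    printf("size: %lld, fits in 1024 bytes: %s\n", sample_size(),
           sample_fits(1024) == 0 ? "yes" : "no");
    return 0;
}
```

The point of the example is the ordering of checks: every string or numeric field is read with an explicit width, the numeric fields are validated before use, and the declared entry size is checked against the data actually present. None of that depends on the package signature, which is exactly why parsing that runs before signature verification has to be this defensive.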
Platform:
Alpine Linux 3.10
Alpine Linux 3.11
Alpine Linux 3.12
Alpine Linux 3.13
Alpine Linux 3.14