| Vulnerabilities | 2 via 6 paths |
|---|---|
| Dependencies | 15 |
| Source | Docker |
| Target OS | alpine:3.19.9 |
low severity
new
- Vulnerable module: busybox/busybox
- Introduced through: busybox/busybox@1.36.1-r20, busybox/busybox-binsh@1.36.1-r20 and others
- Fixed in: 1.36.1-r21
Detailed paths
- Introduced through: alpine@3.19 › busybox/busybox@1.36.1-r20
- Introduced through: alpine@3.19 › busybox/busybox-binsh@1.36.1-r20
- Introduced through: alpine@3.19 › busybox/ssl_client@1.36.1-r20
NVD Description
Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine.
See How to fix? for Alpine:3.19 relevant fixed versions and status.
In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.
Remediation
Upgrade Alpine:3.19 busybox to version 1.36.1-r21 or higher.
low severity
new
- Vulnerable module: busybox/busybox
- Introduced through: busybox/busybox@1.36.1-r20, busybox/busybox-binsh@1.36.1-r20 and others
- Fixed in: 1.36.1-r21
Detailed paths
- Introduced through: alpine@3.19 › busybox/busybox@1.36.1-r20
- Introduced through: alpine@3.19 › busybox/busybox-binsh@1.36.1-r20
- Introduced through: alpine@3.19 › busybox/ssl_client@1.36.1-r20
NVD Description
Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine.
See How to fix? for Alpine:3.19 relevant fixed versions and status.
In netstat in BusyBox through 1.37.0, local users can launch a network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.
Remediation
Upgrade Alpine:3.19 busybox to version 1.36.1-r21 or higher.