Alpine Linux version Versions prior to 2.6.10, 2.7.6, and 2.10.1 contains a Other/Unknown vulnerability in apk-tools (Alpine Linux' package manager) that can result in Remote Code Execution. This attack appear to be exploitable via A specially crafted APK-file can cause apk to write arbitrary data to an attacker-specified file, due to bugs in handling long link target name and the way a regular file is extracted.. This vulnerability appears to have been fixed in 2.6.10, 2.7.6, and 2.10.1.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-09-17T03:43:56.081Z

Reserved: 2018-12-20T00:00:00Z

Link: CVE-2018-1000849

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-12-20T15:29:02.347

Modified: 2024-11-21T03:40:29.457

Link: CVE-2018-1000849

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.