github.com/argoproj/argo-cd/v3@v3.2.1/docs/snyk/v2.14.17/public.ecr.aws_docker_library_redis_7.0.15-alpine.html (about) 1 <!DOCTYPE html> 2 <html lang="en"> 3 4 <head> 5 <meta http-equiv="Content-type" content="text/html; charset=utf-8"> 6 <meta http-equiv="Content-Language" content="en-us"> 7 <meta name="viewport" content="width=device-width, initial-scale=1.0"> 8 <meta http-equiv="X-UA-Compatible" content="IE=edge"> 9 <title>Snyk test report</title> 10 <meta name="description" content="4 known vulnerabilities found in 38 vulnerable dependency paths."> 11 <base target="_blank"> 12 <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png" 13 sizes="194x194"> 14 <link rel="shortcut icon" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.ico"> 15 <style type="text/css"> 16 17 body { 18 -moz-font-feature-settings: "pnum"; 19 -webkit-font-feature-settings: "pnum"; 20 font-variant-numeric: proportional-nums; 21 display: flex; 22 flex-direction: column; 23 font-feature-settings: "pnum"; 24 font-size: 100%; 25 line-height: 1.5; 26 min-height: 100vh; 27 -webkit-text-size-adjust: 100%; 28 margin: 0; 29 padding: 0; 30 background-color: #F5F5F5; 31 font-family: 'Arial', 'Helvetica', Calibri, sans-serif; 32 } 33 34 h1, 35 h2, 36 h3, 37 h4, 38 h5, 39 h6 { 40 font-weight: 500; 41 } 42 43 a, 44 a:link, 45 a:visited { 46 border-bottom: 1px solid #4b45a9; 47 text-decoration: none; 48 color: #4b45a9; 49 } 50 51 a:hover, 52 a:focus, 53 a:active { 54 border-bottom: 1px solid #4b45a9; 55 } 56 57 hr { 58 border: none; 59 margin: 1em 0; 60 border-top: 1px solid #c5c5c5; 61 } 62 63 ul { 64 padding: 0 1em; 65 margin: 1em 0; 66 } 67 68 code { 69 background-color: #EEE; 70 color: #333; 71 padding: 0.25em 0.5em; 72 border-radius: 0.25em; 73 } 74 75 pre { 76 background-color: #333; 77 font-family: monospace; 78 padding: 0.5em 1em 0.75em; 79 border-radius: 0.25em; 80 font-size: 14px; 81 } 82 83 pre code { 
84 padding: 0; 85 background-color: transparent; 86 color: #fff; 87 } 88 89 a code { 90 border-radius: .125rem .125rem 0 0; 91 padding-bottom: 0; 92 color: #4b45a9; 93 } 94 95 a[href^="http://"]:after, 96 a[href^="https://"]:after { 97 background-image: linear-gradient(transparent,transparent),url("data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%20112%20109%22%3E%3Cg%20id%3D%22Page-1%22%20fill%3D%22none%22%20fill-rule%3D%22evenodd%22%3E%3Cg%20id%3D%22link-external%22%3E%3Cg%20id%3D%22arrow%22%3E%3Cpath%20id%3D%22Line%22%20stroke%3D%22%234B45A9%22%20stroke-width%3D%2215%22%20d%3D%22M88.5%2021l-43%2042.5%22%20stroke-linecap%3D%22square%22%2F%3E%3Cpath%20id%3D%22Triangle%22%20fill%3D%22%234B45A9%22%20d%3D%22M111.2%200v50L61%200z%22%2F%3E%3C%2Fg%3E%3Cpath%20id%3D%22square%22%20fill%3D%22%234B45A9%22%20d%3D%22M66%2015H0v94h94V44L79%2059v35H15V30h36z%22%2F%3E%3C%2Fg%3E%3C%2Fg%3E%3C%2Fsvg%3E"); 98 background-repeat: no-repeat; 99 background-size: .75rem; 100 content: ""; 101 display: inline-block; 102 height: .75rem; 103 margin-left: .25rem; 104 width: .75rem; 105 } 106 107 108 /* Layout */ 109 110 [class*=layout-container] { 111 margin: 0 auto; 112 max-width: 71.25em; 113 padding: 1.9em 1.3em; 114 position: relative; 115 } 116 .layout-container--short { 117 padding-top: 0; 118 padding-bottom: 0; 119 max-width: 48.75em; 120 } 121 122 .layout-container--short:after { 123 display: block; 124 content: ""; 125 clear: both; 126 } 127 128 /* Header */ 129 130 .header { 131 padding-bottom: 1px; 132 } 133 134 .paths { 135 margin-left: 8px; 136 } 137 .header-wrap { 138 display: flex; 139 flex-direction: row; 140 justify-content: space-between; 141 padding-top: 2em; 142 } 143 .project__header { 144 background-color: #030328; 145 color: #fff; 146 margin-bottom: -1px; 147 padding-top: 1em; 148 padding-bottom: 0.25em; 149 border-bottom: 2px solid #BBB; 150 } 151 152 .project__header__title { 153 overflow-wrap: break-word; 154 
word-wrap: break-word; 155 word-break: break-all; 156 margin-bottom: .1em; 157 margin-top: 0; 158 } 159 160 .timestamp { 161 float: right; 162 clear: none; 163 margin-bottom: 0; 164 } 165 166 .meta-counts { 167 clear: both; 168 display: block; 169 flex-wrap: wrap; 170 justify-content: space-between; 171 margin: 0 0 1.5em; 172 color: #fff; 173 clear: both; 174 font-size: 1.1em; 175 } 176 177 .meta-count { 178 display: block; 179 flex-basis: 100%; 180 margin: 0 1em 1em 0; 181 float: left; 182 padding-right: 1em; 183 border-right: 2px solid #fff; 184 } 185 186 .meta-count:last-child { 187 border-right: 0; 188 padding-right: 0; 189 margin-right: 0; 190 } 191 192 /* Card */ 193 194 .card { 195 background-color: #fff; 196 border: 1px solid #c5c5c5; 197 border-radius: .25rem; 198 margin: 0 0 2em 0; 199 position: relative; 200 min-height: 40px; 201 padding: 1.5em; 202 } 203 204 .card__labels { 205 position: absolute; 206 top: 1.1em; 207 left: 0; 208 display: flex; 209 align-items: center; 210 gap: 8px; 211 } 212 213 .card .label { 214 background-color: #767676; 215 border: 2px solid #767676; 216 color: white; 217 padding: 0.25rem 0.75rem; 218 font-size: 0.875rem; 219 text-transform: uppercase; 220 display: inline-block; 221 margin: 0; 222 border-radius: 0.25rem; 223 } 224 225 .card .label__text { 226 vertical-align: text-top; 227 font-weight: bold; 228 } 229 230 .card .label--critical { 231 background-color: #AB1A1A; 232 border-color: #AB1A1A; 233 } 234 235 .card .label--high { 236 background-color: #CE5019; 237 border-color: #CE5019; 238 } 239 240 .card .label--medium { 241 background-color: #D68000; 242 border-color: #D68000; 243 } 244 245 .card .label--low { 246 background-color: #88879E; 247 border-color: #88879E; 248 } 249 250 .severity--low { 251 border-color: #88879E; 252 } 253 254 .severity--medium { 255 border-color: #D68000; 256 } 257 258 .severity--high { 259 border-color: #CE5019; 260 } 261 262 .severity--critical { 263 border-color: #AB1A1A; 264 } 265 266 
.card--vuln { 267 padding-top: 4em; 268 } 269 270 .card--vuln .card__labels > .label:first-child { 271 padding-left: 1.9em; 272 padding-right: 1.9em; 273 border-radius: 0 0.25rem 0.25rem 0; 274 } 275 276 .card--vuln .card__section h2 { 277 font-size: 22px; 278 margin-bottom: 0.5em; 279 } 280 281 .card--vuln .card__section p { 282 margin: 0 0 0.5em 0; 283 } 284 285 .card--vuln .card__meta { 286 padding: 0 0 0 1em; 287 margin: 0; 288 font-size: 1.1em; 289 } 290 291 .card .card__meta__paths { 292 font-size: 0.9em; 293 } 294 295 .card--vuln .card__title { 296 font-size: 28px; 297 margin-top: 0; 298 margin-right: 100px; /* Ensure space for the risk score */ 299 } 300 301 .card--vuln .card__cta p { 302 margin: 0; 303 text-align: right; 304 } 305 306 .risk-score-display { 307 position: absolute; 308 top: 1.5em; 309 right: 1.5em; 310 text-align: right; 311 z-index: 10; 312 } 313 314 .risk-score-display__label { 315 font-size: 0.7em; 316 font-weight: bold; 317 color: #586069; 318 text-transform: uppercase; 319 line-height: 1; 320 margin-bottom: 3px; 321 } 322 323 .risk-score-display__value { 324 font-size: 1.9em; 325 font-weight: 600; 326 color: #24292e; 327 line-height: 1; 328 } 329 330 .source-panel { 331 clear: both; 332 display: flex; 333 justify-content: flex-start; 334 flex-direction: column; 335 align-items: flex-start; 336 padding: 0.5em 0; 337 width: fit-content; 338 } 339 340 341 342 </style> 343 <style type="text/css"> 344 .metatable { 345 text-size-adjust: 100%; 346 -webkit-font-smoothing: antialiased; 347 -webkit-box-direction: normal; 348 color: inherit; 349 font-feature-settings: "pnum"; 350 box-sizing: border-box; 351 background: transparent; 352 border: 0; 353 font: inherit; 354 font-size: 100%; 355 margin: 0; 356 outline: none; 357 padding: 0; 358 text-align: left; 359 text-decoration: none; 360 vertical-align: baseline; 361 z-index: auto; 362 margin-top: 12px; 363 border-collapse: collapse; 364 border-spacing: 0; 365 font-variant-numeric: tabular-nums; 
366 max-width: 51.75em; 367 } 368 369 tbody { 370 text-size-adjust: 100%; 371 -webkit-font-smoothing: antialiased; 372 -webkit-box-direction: normal; 373 color: inherit; 374 font-feature-settings: "pnum"; 375 border-collapse: collapse; 376 border-spacing: 0; 377 box-sizing: border-box; 378 background: transparent; 379 border: 0; 380 font: inherit; 381 font-size: 100%; 382 margin: 0; 383 outline: none; 384 padding: 0; 385 text-align: left; 386 text-decoration: none; 387 vertical-align: baseline; 388 z-index: auto; 389 display: flex; 390 flex-wrap: wrap; 391 } 392 393 .meta-row { 394 text-size-adjust: 100%; 395 -webkit-font-smoothing: antialiased; 396 -webkit-box-direction: normal; 397 color: inherit; 398 font-feature-settings: "pnum"; 399 border-collapse: collapse; 400 border-spacing: 0; 401 box-sizing: border-box; 402 background: transparent; 403 border: 0; 404 font: inherit; 405 font-size: 100%; 406 outline: none; 407 text-align: left; 408 text-decoration: none; 409 vertical-align: baseline; 410 z-index: auto; 411 display: flex; 412 align-items: start; 413 border-top: 1px solid #d3d3d9; 414 padding: 8px 0 0 0; 415 border-bottom: none; 416 margin: 8px; 417 width: 47.75%; 418 } 419 420 .meta-row-label { 421 text-size-adjust: 100%; 422 -webkit-font-smoothing: antialiased; 423 -webkit-box-direction: normal; 424 font-feature-settings: "pnum"; 425 border-collapse: collapse; 426 border-spacing: 0; 427 color: #4c4a73; 428 box-sizing: border-box; 429 background: transparent; 430 border: 0; 431 font: inherit; 432 margin: 0; 433 outline: none; 434 text-decoration: none; 435 z-index: auto; 436 align-self: start; 437 flex: 1; 438 font-size: 1rem; 439 line-height: 1.5rem; 440 padding: 0; 441 text-align: left; 442 vertical-align: top; 443 text-transform: none; 444 letter-spacing: 0; 445 } 446 447 .meta-row-value { 448 text-size-adjust: 100%; 449 -webkit-font-smoothing: antialiased; 450 -webkit-box-direction: normal; 451 color: inherit; 452 font-feature-settings: "pnum"; 453 
border-collapse: collapse; 454 border-spacing: 0; 455 word-break: break-word; 456 box-sizing: border-box; 457 background: transparent; 458 border: 0; 459 font: inherit; 460 font-size: 100%; 461 margin: 0; 462 outline: none; 463 padding: 0; 464 text-align: right; 465 text-decoration: none; 466 vertical-align: baseline; 467 z-index: auto; 468 } 469 </style> 470 </head> 471 472 <body class="section-projects"> 473 <main class="layout-stacked"> 474 <div class="layout-stacked__header header"> 475 <header class="project__header"> 476 <div class="layout-container"> 477 <a class="brand" href="https://snyk.io" title="Snyk"> 478 <svg width="68px" height="35px" viewBox="0 0 68 35" version="1.1" xmlns="http://www.w3.org/2000/svg" role="img"> 479 <title>Snyk - Open Source Security</title> 480 <g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd"> 481 <g fill="#fff"> 482 <path d="M5.732,27.278 C3.445,27.278 1.589,26.885 0,26.124 L0.483,22.472 C2.163,23.296 4.056,23.689 5.643,23.689 C6.801,23.689 7.563,23.295 7.563,22.599 C7.563,20.594 0.333,21.076 0.333,15.839 C0.333,12.491 3.407,10.729 7.259,10.729 C9.179,10.729 11.161,11.249 12.444,11.704 L11.924,15.294 C10.577,14.774 8.747,14.291 7.222,14.291 C6.282,14.291 5.518,14.621 5.518,15.231 C5.518,17.208 12.903,16.815 12.903,21.925 C12.903,25.325 9.877,27.277 5.733,27.277 L5.732,27.278 Z M25.726,26.936 L25.726,17.894 C25.726,15.827 24.811,14.85 23.069,14.85 C22.219,14.85 21.329,15.09 20.719,15.46 L20.719,26.936 L15.352,26.936 L15.352,11.262 L20.602,10.83 L20.474,13.392 L20.652,13.392 C21.784,11.87 23.702,10.716 25.992,10.716 C28.736,10.716 31.112,12.416 31.112,16.436 L31.112,26.936 L25.724,26.936 L25.726,26.936 Z M61.175,26.936 L56.879,19.479 L56.446,19.479 L56.446,26.935 L51.082,26.935 L51.082,8.37 L56.447,0 L56.447,17.323 C57.515,16.017 61.112,11.059 61.112,11.059 L67.732,11.059 L61.454,17.689 L67.949,26.95 L61.175,26.95 L61.175,26.938 L61.175,26.936 Z M44.13,11.11 L41.93,18.262 C41.5,19.606 41.08,22.079 41.08,22.079 
C41.08,22.079 40.75,19.516 40.292,18.172 L37.94,11.108 L31.928,11.108 L38.462,26.935 C37.572,29.04 36.199,30.815 34.369,30.815 C34.039,30.815 33.709,30.802 33.389,30.765 L31.255,34.061 C31.928,34.441 33.212,34.835 34.737,34.835 C38.703,34.835 41.359,31.627 43.215,26.885 L49.443,11.108 L44.132,11.108 L44.13,11.11 Z"></path> 483 </g> 484 </g> 485 </svg> 486 </a> 487 <div class="header-wrap"> 488 <h1 class="project__header__title">Snyk test report</h1> 489 490 <p class="timestamp">September 14th 2025, 12:30:03 am (UTC+00:00)</p> 491 </div> 492 <div class="source-panel"> 493 <span>Scanned the following paths:</span> 494 <ul> 495 <li class="paths">public.ecr.aws/docker/library/redis:7.0.15-alpine/docker/library/redis (apk)</li> 496 <li class="paths">public.ecr.aws/docker/library/redis:7.0.15-alpine/tianon/gosu//usr/local/bin/gosu (gomodules)</li> 497 </ul> 498 </div> 499 500 <div class="meta-counts"> 501 <div class="meta-count"><span>4</span> <span>known vulnerabilities</span></div> 502 <div class="meta-count"><span>38 vulnerable dependency paths</span></div> 503 <div class="meta-count"><span>18</span> <span>dependencies</span></div> 504 </div><!-- .meta-counts --> 505 </div><!-- .layout-container--short --> 506 </header><!-- .project__header --> 507 </div><!-- .layout-stacked__header --> 508 509 <div class="layout-container" style="padding-top: 35px;"> 510 <div class="cards--vuln filter--patch filter--ignore"> 511 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 512 <h2 class="card__title">CVE-2024-9143</h2> 513 <div class="card__section"> 514 515 <div class="card__labels"> 516 <div class="label label--low"> 517 <span class="label__text">low severity</span> 518 </div> 519 </div> 520 521 <hr/> 522 523 <ul class="card__meta"> 524 <li class="card__meta__item"> 525 Package Manager: alpine:3.20 526 </li> 527 <li class="card__meta__item"> 528 Vulnerable module: 529 530 openssl/libcrypto3 531 </li> 532 533 <li 
class="card__meta__item">Introduced through: 534 535 docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine and openssl/libcrypto3@3.3.2-r0 536 537 </li> 538 </ul> 539 540 <hr/> 541 542 543 <h3 class="card__section__title">Detailed paths</h3> 544 545 <ul class="card__meta__paths"> 546 <li> 547 <span class="list-paths__item__introduced"><em>Introduced through</em>: 548 docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine 549 <span class="list-paths__item__arrow">›</span> 550 openssl/libcrypto3@3.3.2-r0 551 552 </span> 553 554 </li> 555 <li> 556 <span class="list-paths__item__introduced"><em>Introduced through</em>: 557 docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine 558 <span class="list-paths__item__arrow">›</span> 559 .redis-rundeps@20240906.232324 560 <span class="list-paths__item__arrow">›</span> 561 openssl/libcrypto3@3.3.2-r0 562 563 </span> 564 565 </li> 566 <li> 567 <span class="list-paths__item__introduced"><em>Introduced through</em>: 568 docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine 569 <span class="list-paths__item__arrow">›</span> 570 apk-tools/apk-tools@2.14.4-r0 571 <span class="list-paths__item__arrow">›</span> 572 openssl/libcrypto3@3.3.2-r0 573 574 </span> 575 576 </li> 577 <li> 578 <span class="list-paths__item__introduced"><em>Introduced through</em>: 579 docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine 580 <span class="list-paths__item__arrow">›</span> 581 busybox/ssl_client@1.36.1-r29 582 <span class="list-paths__item__arrow">›</span> 583 openssl/libcrypto3@3.3.2-r0 584 585 </span> 586 587 </li> 588 <li> 589 <span class="list-paths__item__introduced"><em>Introduced through</em>: 590 docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine 591 <span class="list-paths__item__arrow">›</span> 592 .redis-rundeps@20240906.232324 593 <span class="list-paths__item__arrow">›</span> 594 openssl/libssl3@3.3.2-r0 595 <span class="list-paths__item__arrow">›</span> 596 
openssl/libcrypto3@3.3.2-r0 597 598 </span> 599 600 </li> 601 <li> 602 <span class="list-paths__item__introduced"><em>Introduced through</em>: 603 docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine 604 <span class="list-paths__item__arrow">›</span> 605 openssl/libssl3@3.3.2-r0 606 607 </span> 608 609 </li> 610 <li> 611 <span class="list-paths__item__introduced"><em>Introduced through</em>: 612 docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine 613 <span class="list-paths__item__arrow">›</span> 614 .redis-rundeps@20240906.232324 615 <span class="list-paths__item__arrow">›</span> 616 openssl/libssl3@3.3.2-r0 617 618 </span> 619 620 </li> 621 <li> 622 <span class="list-paths__item__introduced"><em>Introduced through</em>: 623 docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine 624 <span class="list-paths__item__arrow">›</span> 625 apk-tools/apk-tools@2.14.4-r0 626 <span class="list-paths__item__arrow">›</span> 627 openssl/libssl3@3.3.2-r0 628 629 </span> 630 631 </li> 632 <li> 633 <span class="list-paths__item__introduced"><em>Introduced through</em>: 634 docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine 635 <span class="list-paths__item__arrow">›</span> 636 busybox/ssl_client@1.36.1-r29 637 <span class="list-paths__item__arrow">›</span> 638 openssl/libssl3@3.3.2-r0 639 640 </span> 641 642 </li> 643 </ul><!-- .list-paths --> 644 645 </div><!-- .card__section --> 646 647 <hr/> 648 <!-- Overview --> 649 <h2 id="nvd-description">NVD Description</h2> 650 <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em> 651 <em>See <code>How to fix?</code> for <code>Alpine:3.20</code> relevant fixed versions and status.</em></p> 652 <p>Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted 653 explicit values for the field polynomial can lead to 
out-of-bounds memory reads 654 or writes.</p> 655 <p>Impact summary: Out of bound memory writes can lead to an application crash or 656 even a possibility of a remote code execution, however, in all the protocols 657 involving Elliptic Curve Cryptography that we're aware of, either only "named 658 curves" are supported, or, if explicit curve parameters are supported, they 659 specify an X9.62 encoding of binary (GF(2^m)) curves that can't represent 660 problematic input values. Thus the likelihood of existence of a vulnerable 661 application is low.</p> 662 <p>In particular, the X9.62 encoding is used for ECC keys in X.509 certificates, 663 so problematic inputs cannot occur in the context of processing X.509 664 certificates. Any problematic use-cases would have to be using an "exotic" 665 curve encoding.</p> 666 <p>The affected APIs include: EC_GROUP_new_curve_GF2m(), EC_GROUP_new_from_params(), 667 and various supporting BN_GF2m_*() functions.</p> 668 <p>Applications working with "exotic" explicit binary (GF(2^m)) curve parameters, 669 that make it possible to represent invalid field polynomials with a zero 670 constant term, via the above or similar APIs, may terminate abruptly as a 671 result of reading or writing outside of array bounds. 
Remote code execution 672 cannot easily be ruled out.</p> 673 <p>The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.</p> 674 <h2 id="remediation">Remediation</h2> 675 <p>Upgrade <code>Alpine:3.20</code> <code>openssl</code> to version 3.3.2-r3 or higher.</p> 676 <h2 id="references">References</h2> 677 <ul> 678 <li><a href="https://github.com/openssl/openssl/commit/72ae83ad214d2eef262461365a1975707f862712">https://github.com/openssl/openssl/commit/72ae83ad214d2eef262461365a1975707f862712</a></li> 679 <li><a href="https://github.com/openssl/openssl/commit/bc7e04d7c8d509fb78fc0e285aa948fb0da04700">https://github.com/openssl/openssl/commit/bc7e04d7c8d509fb78fc0e285aa948fb0da04700</a></li> 680 <li><a href="https://github.com/openssl/openssl/commit/c0d3e4d32d2805f49bec30547f225bc4d092e1f4">https://github.com/openssl/openssl/commit/c0d3e4d32d2805f49bec30547f225bc4d092e1f4</a></li> 681 <li><a href="https://github.com/openssl/openssl/commit/fdf6723362ca51bd883295efe206cb5b1cfa5154">https://github.com/openssl/openssl/commit/fdf6723362ca51bd883295efe206cb5b1cfa5154</a></li> 682 <li><a href="https://github.openssl.org/openssl/extended-releases/commit/8efc0cbaa8ebba8e116f7b81a876a4123594d86a">https://github.openssl.org/openssl/extended-releases/commit/8efc0cbaa8ebba8e116f7b81a876a4123594d86a</a></li> 683 <li><a href="https://github.openssl.org/openssl/extended-releases/commit/9d576994cec2b7aa37a91740ea7e680810957e41">https://github.openssl.org/openssl/extended-releases/commit/9d576994cec2b7aa37a91740ea7e680810957e41</a></li> 684 <li><a href="https://openssl-library.org/news/secadv/20241016.txt">https://openssl-library.org/news/secadv/20241016.txt</a></li> 685 <li><a href="http://www.openwall.com/lists/oss-security/2024/10/16/1">http://www.openwall.com/lists/oss-security/2024/10/16/1</a></li> 686 <li><a href="http://www.openwall.com/lists/oss-security/2024/10/23/1">http://www.openwall.com/lists/oss-security/2024/10/23/1</a></li> 687 <li><a 
href="http://www.openwall.com/lists/oss-security/2024/10/24/1">http://www.openwall.com/lists/oss-security/2024/10/24/1</a></li> 688 <li><a href="https://security.netapp.com/advisory/ntap-20241101-0001/">https://security.netapp.com/advisory/ntap-20241101-0001/</a></li> 689 </ul> 690 691 <hr/> 692 693 <div class="cta card__cta"> 694 <p><a href="https://snyk.io/vuln/SNYK-ALPINE320-OPENSSL-8235201">More about this vulnerability</a></p> 695 </div> 696 697 </div><!-- .card --> 698 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 699 <h2 class="card__title">CVE-2024-13176</h2> 700 <div class="card__section"> 701 702 <div class="card__labels"> 703 <div class="label label--low"> 704 <span class="label__text">low severity</span> 705 </div> 706 </div> 707 708 <hr/> 709 710 <ul class="card__meta"> 711 <li class="card__meta__item"> 712 Package Manager: alpine:3.20 713 </li> 714 <li class="card__meta__item"> 715 Vulnerable module: 716 717 openssl/libcrypto3 718 </li> 719 720 <li class="card__meta__item">Introduced through: 721 722 docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine and openssl/libcrypto3@3.3.2-r0 723 724 </li> 725 </ul> 726 727 <hr/> 728 729 730 <h3 class="card__section__title">Detailed paths</h3> 731 732 <ul class="card__meta__paths"> 733 <li> 734 <span class="list-paths__item__introduced"><em>Introduced through</em>: 735 docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine 736 <span class="list-paths__item__arrow">›</span> 737 openssl/libcrypto3@3.3.2-r0 738 739 </span> 740 741 </li> 742 <li> 743 <span class="list-paths__item__introduced"><em>Introduced through</em>: 744 docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine 745 <span class="list-paths__item__arrow">›</span> 746 .redis-rundeps@20240906.232324 747 <span class="list-paths__item__arrow">›</span> 748 openssl/libcrypto3@3.3.2-r0 749 750 </span> 751 752 </li> 753 <li> 754 <span class="list-paths__item__introduced"><em>Introduced 
through</em>: 755 docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine 756 <span class="list-paths__item__arrow">›</span> 757 apk-tools/apk-tools@2.14.4-r0 758 <span class="list-paths__item__arrow">›</span> 759 openssl/libcrypto3@3.3.2-r0 760 761 </span> 762 763 </li> 764 <li> 765 <span class="list-paths__item__introduced"><em>Introduced through</em>: 766 docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine 767 <span class="list-paths__item__arrow">›</span> 768 busybox/ssl_client@1.36.1-r29 769 <span class="list-paths__item__arrow">›</span> 770 openssl/libcrypto3@3.3.2-r0 771 772 </span> 773 774 </li> 775 <li> 776 <span class="list-paths__item__introduced"><em>Introduced through</em>: 777 docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine 778 <span class="list-paths__item__arrow">›</span> 779 .redis-rundeps@20240906.232324 780 <span class="list-paths__item__arrow">›</span> 781 openssl/libssl3@3.3.2-r0 782 <span class="list-paths__item__arrow">›</span> 783 openssl/libcrypto3@3.3.2-r0 784 785 </span> 786 787 </li> 788 <li> 789 <span class="list-paths__item__introduced"><em>Introduced through</em>: 790 docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine 791 <span class="list-paths__item__arrow">›</span> 792 openssl/libssl3@3.3.2-r0 793 794 </span> 795 796 </li> 797 <li> 798 <span class="list-paths__item__introduced"><em>Introduced through</em>: 799 docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine 800 <span class="list-paths__item__arrow">›</span> 801 .redis-rundeps@20240906.232324 802 <span class="list-paths__item__arrow">›</span> 803 openssl/libssl3@3.3.2-r0 804 805 </span> 806 807 </li> 808 <li> 809 <span class="list-paths__item__introduced"><em>Introduced through</em>: 810 docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine 811 <span class="list-paths__item__arrow">›</span> 812 apk-tools/apk-tools@2.14.4-r0 813 <span class="list-paths__item__arrow">›</span> 814 openssl/libssl3@3.3.2-r0 815 816 
</span> 817 818 </li> 819 <li> 820 <span class="list-paths__item__introduced"><em>Introduced through</em>: 821 docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine 822 <span class="list-paths__item__arrow">›</span> 823 busybox/ssl_client@1.36.1-r29 824 <span class="list-paths__item__arrow">›</span> 825 openssl/libssl3@3.3.2-r0 826 827 </span> 828 829 </li> 830 </ul><!-- .list-paths --> 831 832 </div><!-- .card__section --> 833 834 <hr/> 835 <!-- Overview --> 836 <h2 id="nvd-description">NVD Description</h2> 837 <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em> 838 <em>See <code>How to fix?</code> for <code>Alpine:3.20</code> relevant fixed versions and status.</em></p> 839 <p>Issue summary: A timing side-channel which could potentially allow recovering 840 the private key exists in the ECDSA signature computation.</p> 841 <p>Impact summary: A timing side-channel in ECDSA signature computations 842 could allow recovering the private key by an attacker. However, measuring 843 the timing would require either local access to the signing application or 844 a very fast network connection with low latency.</p> 845 <p>There is a timing signal of around 300 nanoseconds when the top word of 846 the inverted ECDSA nonce value is zero. This can happen with significant 847 probability only for some of the supported elliptic curves. In particular 848 the NIST P-521 curve is affected. To be able to measure this leak, the attacker 849 process must either be located in the same physical computer or must 850 have a very fast network connection with low latency. 
For that reason 851 the severity of this vulnerability is Low.</p> 852 <p>The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.</p> 853 <h2 id="remediation">Remediation</h2> 854 <p>Upgrade <code>Alpine:3.20</code> <code>openssl</code> to version 3.3.2-r2 or higher.</p> 855 <h2 id="references">References</h2> 856 <ul> 857 <li><a href="https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844">https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844</a></li> 858 <li><a href="https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467">https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467</a></li> 859 <li><a href="https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902">https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902</a></li> 860 <li><a href="https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65">https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65</a></li> 861 <li><a href="https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f">https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f</a></li> 862 <li><a href="https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded">https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded</a></li> 863 <li><a href="https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86">https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86</a></li> 864 <li><a href="https://openssl-library.org/news/secadv/20250120.txt">https://openssl-library.org/news/secadv/20250120.txt</a></li> 865 <li><a 
href="http://www.openwall.com/lists/oss-security/2025/01/20/2">http://www.openwall.com/lists/oss-security/2025/01/20/2</a></li> 866 <li><a href="https://security.netapp.com/advisory/ntap-20250124-0005/">https://security.netapp.com/advisory/ntap-20250124-0005/</a></li> 867 <li><a href="https://security.netapp.com/advisory/ntap-20250418-0010/">https://security.netapp.com/advisory/ntap-20250418-0010/</a></li> 868 <li><a href="https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html">https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html</a></li> 869 </ul> 870 871 <hr/> 872 873 <div class="cta card__cta"> 874 <p><a href="https://snyk.io/vuln/SNYK-ALPINE320-OPENSSL-8690013">More about this vulnerability</a></p> 875 </div> 876 877 </div><!-- .card --> 878 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 879 <h2 class="card__title">CVE-2024-12797</h2> 880 <div class="card__section"> 881 882 <div class="card__labels"> 883 <div class="label label--low"> 884 <span class="label__text">low severity</span> 885 </div> 886 </div> 887 888 <hr/> 889 890 <ul class="card__meta"> 891 <li class="card__meta__item"> 892 Package Manager: alpine:3.20 893 </li> 894 <li class="card__meta__item"> 895 Vulnerable module: 896 897 openssl/libcrypto3 898 </li> 899 900 <li class="card__meta__item">Introduced through: 901 902 docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine and openssl/libcrypto3@3.3.2-r0 903 904 </li> 905 </ul> 906 907 <hr/> 908 909 910 <h3 class="card__section__title">Detailed paths</h3> 911 912 <ul class="card__meta__paths"> 913 <li> 914 <span class="list-paths__item__introduced"><em>Introduced through</em>: 915 docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine 916 <span class="list-paths__item__arrow">›</span> 917 openssl/libcrypto3@3.3.2-r0 918 919 </span> 920 921 </li> 922 <li> 923 <span class="list-paths__item__introduced"><em>Introduced through</em>: 924 
docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine 925 <span class="list-paths__item__arrow">›</span> 926 .redis-rundeps@20240906.232324 927 <span class="list-paths__item__arrow">›</span> 928 openssl/libcrypto3@3.3.2-r0 929 930 </span> 931 932 </li> 933 <li> 934 <span class="list-paths__item__introduced"><em>Introduced through</em>: 935 docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine 936 <span class="list-paths__item__arrow">›</span> 937 apk-tools/apk-tools@2.14.4-r0 938 <span class="list-paths__item__arrow">›</span> 939 openssl/libcrypto3@3.3.2-r0 940 941 </span> 942 943 </li> 944 <li> 945 <span class="list-paths__item__introduced"><em>Introduced through</em>: 946 docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine 947 <span class="list-paths__item__arrow">›</span> 948 busybox/ssl_client@1.36.1-r29 949 <span class="list-paths__item__arrow">›</span> 950 openssl/libcrypto3@3.3.2-r0 951 952 </span> 953 954 </li> 955 <li> 956 <span class="list-paths__item__introduced"><em>Introduced through</em>: 957 docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine 958 <span class="list-paths__item__arrow">›</span> 959 .redis-rundeps@20240906.232324 960 <span class="list-paths__item__arrow">›</span> 961 openssl/libssl3@3.3.2-r0 962 <span class="list-paths__item__arrow">›</span> 963 openssl/libcrypto3@3.3.2-r0 964 965 </span> 966 967 </li> 968 <li> 969 <span class="list-paths__item__introduced"><em>Introduced through</em>: 970 docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine 971 <span class="list-paths__item__arrow">›</span> 972 openssl/libssl3@3.3.2-r0 973 974 </span> 975 976 </li> 977 <li> 978 <span class="list-paths__item__introduced"><em>Introduced through</em>: 979 docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine 980 <span class="list-paths__item__arrow">›</span> 981 .redis-rundeps@20240906.232324 982 <span class="list-paths__item__arrow">›</span> 983 openssl/libssl3@3.3.2-r0 984 985 </span> 986 987 
</li> 988 <li> 989 <span class="list-paths__item__introduced"><em>Introduced through</em>: 990 docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine 991 <span class="list-paths__item__arrow">›</span> 992 apk-tools/apk-tools@2.14.4-r0 993 <span class="list-paths__item__arrow">›</span> 994 openssl/libssl3@3.3.2-r0 995 996 </span> 997 998 </li> 999 <li> 1000 <span class="list-paths__item__introduced"><em>Introduced through</em>: 1001 docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine 1002 <span class="list-paths__item__arrow">›</span> 1003 busybox/ssl_client@1.36.1-r29 1004 <span class="list-paths__item__arrow">›</span> 1005 openssl/libssl3@3.3.2-r0 1006 1007 </span> 1008 1009 </li> 1010 </ul><!-- .list-paths --> 1011 1012 </div><!-- .card__section --> 1013 1014 <hr/> 1015 <!-- Overview --> 1016 <h2 id="nvd-description">NVD Description</h2> 1017 <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em> 1018 <em>See <code>How to fix?</code> for <code>Alpine:3.20</code> relevant fixed versions and status.</em></p> 1019 <p>Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a 1020 server may fail to notice that the server was not authenticated, because 1021 handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode 1022 is set.</p> 1023 <p>Impact summary: TLS and DTLS connections using raw public keys may be 1024 vulnerable to man-in-the-middle attacks when server authentication failure is not 1025 detected by clients.</p> 1026 <p>RPKs are disabled by default in both TLS clients and TLS servers. The issue 1027 only arises when TLS clients explicitly enable RPK use by the server, and the 1028 server, likewise, enables sending of an RPK instead of an X.509 certificate 1029 chain.
The affected clients are those that then rely on the handshake to 1030 fail when the server's RPK fails to match one of the expected public keys, 1031 by setting the verification mode to SSL_VERIFY_PEER.</p> 1032 <p>Clients that enable server-side raw public keys can still find out that raw 1033 public key verification failed by calling SSL_get_verify_result(), and those 1034 that do, and take appropriate action, are not affected. This issue was 1035 introduced in the initial implementation of RPK support in OpenSSL 3.2.</p> 1036 <p>The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.</p> 1037 <h2 id="remediation">Remediation</h2> 1038 <p>Upgrade <code>Alpine:3.20</code> <code>openssl</code> to version 3.3.3-r0 or higher.</p> 1039 <h2 id="references">References</h2> 1040 <ul> 1041 <li><a href="https://github.com/openssl/openssl/commit/738d4f9fdeaad57660dcba50a619fafced3fd5e9">https://github.com/openssl/openssl/commit/738d4f9fdeaad57660dcba50a619fafced3fd5e9</a></li> 1042 <li><a href="https://github.com/openssl/openssl/commit/798779d43494549b611233f92652f0da5328fbe7">https://github.com/openssl/openssl/commit/798779d43494549b611233f92652f0da5328fbe7</a></li> 1043 <li><a href="https://github.com/openssl/openssl/commit/87ebd203feffcf92ad5889df92f90bb0ee10a699">https://github.com/openssl/openssl/commit/87ebd203feffcf92ad5889df92f90bb0ee10a699</a></li> 1044 <li><a href="https://openssl-library.org/news/secadv/20250211.txt">https://openssl-library.org/news/secadv/20250211.txt</a></li> 1045 <li><a href="http://www.openwall.com/lists/oss-security/2025/02/11/3">http://www.openwall.com/lists/oss-security/2025/02/11/3</a></li> 1046 <li><a href="http://www.openwall.com/lists/oss-security/2025/02/11/4">http://www.openwall.com/lists/oss-security/2025/02/11/4</a></li> 1047 <li><a href="https://security.netapp.com/advisory/ntap-20250214-0001/">https://security.netapp.com/advisory/ntap-20250214-0001/</a></li> 1048 </ul> 1049 1050 <hr/> 1051 1052 <div 
class="cta card__cta"> 1053 <p><a href="https://snyk.io/vuln/SNYK-ALPINE320-OPENSSL-8710359">More about this vulnerability</a></p> 1054 </div> 1055 1056 </div><!-- .card --> 1057 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1058 <h2 class="card__title">CVE-2025-26519</h2> 1059 <div class="card__section"> 1060 1061 <div class="card__labels"> 1062 <div class="label label--low"> 1063 <span class="label__text">low severity</span> 1064 </div> 1065 </div> 1066 1067 <hr/> 1068 1069 <ul class="card__meta"> 1070 <li class="card__meta__item"> 1071 Package Manager: alpine:3.20 1072 </li> 1073 <li class="card__meta__item"> 1074 Vulnerable module: 1075 1076 musl/musl 1077 </li> 1078 1079 <li class="card__meta__item">Introduced through: 1080 1081 docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine and musl/musl@1.2.5-r0 1082 1083 </li> 1084 </ul> 1085 1086 <hr/> 1087 1088 1089 <h3 class="card__section__title">Detailed paths</h3> 1090 1091 <ul class="card__meta__paths"> 1092 <li> 1093 <span class="list-paths__item__introduced"><em>Introduced through</em>: 1094 docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine 1095 <span class="list-paths__item__arrow">›</span> 1096 musl/musl@1.2.5-r0 1097 1098 </span> 1099 1100 </li> 1101 <li> 1102 <span class="list-paths__item__introduced"><em>Introduced through</em>: 1103 docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine 1104 <span class="list-paths__item__arrow">›</span> 1105 .redis-rundeps@20240906.232324 1106 <span class="list-paths__item__arrow">›</span> 1107 musl/musl@1.2.5-r0 1108 1109 </span> 1110 1111 </li> 1112 <li> 1113 <span class="list-paths__item__introduced"><em>Introduced through</em>: 1114 docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine 1115 <span class="list-paths__item__arrow">›</span> 1116 apk-tools/apk-tools@2.14.4-r0 1117 <span class="list-paths__item__arrow">›</span> 1118 musl/musl@1.2.5-r0 1119 1120 </span> 1121 1122 </li> 1123 
<li> 1124 <span class="list-paths__item__introduced"><em>Introduced through</em>: 1125 docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine 1126 <span class="list-paths__item__arrow">›</span> 1127 busybox/ssl_client@1.36.1-r29 1128 <span class="list-paths__item__arrow">›</span> 1129 musl/musl@1.2.5-r0 1130 1131 </span> 1132 1133 </li> 1134 <li> 1135 <span class="list-paths__item__introduced"><em>Introduced through</em>: 1136 docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine 1137 <span class="list-paths__item__arrow">›</span> 1138 musl/musl-utils@1.2.5-r0 1139 <span class="list-paths__item__arrow">›</span> 1140 musl/musl@1.2.5-r0 1141 1142 </span> 1143 1144 </li> 1145 <li> 1146 <span class="list-paths__item__introduced"><em>Introduced through</em>: 1147 docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine 1148 <span class="list-paths__item__arrow">›</span> 1149 .redis-rundeps@20240906.232324 1150 <span class="list-paths__item__arrow">›</span> 1151 openssl/libcrypto3@3.3.2-r0 1152 <span class="list-paths__item__arrow">›</span> 1153 musl/musl@1.2.5-r0 1154 1155 </span> 1156 1157 </li> 1158 <li> 1159 <span class="list-paths__item__introduced"><em>Introduced through</em>: 1160 docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine 1161 <span class="list-paths__item__arrow">›</span> 1162 .redis-rundeps@20240906.232324 1163 <span class="list-paths__item__arrow">›</span> 1164 openssl/libssl3@3.3.2-r0 1165 <span class="list-paths__item__arrow">›</span> 1166 musl/musl@1.2.5-r0 1167 1168 </span> 1169 1170 </li> 1171 <li> 1172 <span class="list-paths__item__introduced"><em>Introduced through</em>: 1173 docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine 1174 <span class="list-paths__item__arrow">›</span> 1175 apk-tools/apk-tools@2.14.4-r0 1176 <span class="list-paths__item__arrow">›</span> 1177 zlib/zlib@1.3.1-r1 1178 <span class="list-paths__item__arrow">›</span> 1179 musl/musl@1.2.5-r0 1180 1181 </span> 1182 1183 </li> 1184 
<li> 1185 <span class="list-paths__item__introduced"><em>Introduced through</em>: 1186 docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine 1187 <span class="list-paths__item__arrow">›</span> 1188 musl/musl-utils@1.2.5-r0 1189 <span class="list-paths__item__arrow">›</span> 1190 pax-utils/scanelf@1.3.7-r2 1191 <span class="list-paths__item__arrow">›</span> 1192 musl/musl@1.2.5-r0 1193 1194 </span> 1195 1196 </li> 1197 <li> 1198 <span class="list-paths__item__introduced"><em>Introduced through</em>: 1199 docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine 1200 <span class="list-paths__item__arrow">›</span> 1201 alpine-baselayout/alpine-baselayout@3.6.5-r0 1202 <span class="list-paths__item__arrow">›</span> 1203 busybox/busybox-binsh@1.36.1-r29 1204 <span class="list-paths__item__arrow">›</span> 1205 busybox/busybox@1.36.1-r29 1206 <span class="list-paths__item__arrow">›</span> 1207 musl/musl@1.2.5-r0 1208 1209 </span> 1210 1211 </li> 1212 <li> 1213 <span class="list-paths__item__introduced"><em>Introduced through</em>: 1214 docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine 1215 <span class="list-paths__item__arrow">›</span> 1216 musl/musl-utils@1.2.5-r0 1217 1218 </span> 1219 1220 </li> 1221 </ul><!-- .list-paths --> 1222 1223 </div><!-- .card__section --> 1224 1225 <hr/> 1226 <!-- Overview --> 1227 <h2 id="nvd-description">NVD Description</h2> 1228 <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>musl</code> package and not the <code>musl</code> package as distributed by <code>Alpine</code>.</em> 1229 <em>See <code>How to fix?</code> for <code>Alpine:3.20</code> relevant fixed versions and status.</em></p> 1230 <p>musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write vulnerability when an attacker can trigger iconv conversion of untrusted EUC-KR text to UTF-8.</p> 1231 <h2 id="remediation">Remediation</h2> 1232 <p>Upgrade <code>Alpine:3.20</code> 
<code>musl</code> to version 1.2.5-r1 or higher.</p> 1233 <h2 id="references">References</h2> 1234 <ul> 1235 <li><a href="https://git.musl-libc.org/cgit/musl/commit/?id=c47ad25ea3b484e10326f933e927c0bc8cded3da">https://git.musl-libc.org/cgit/musl/commit/?id=c47ad25ea3b484e10326f933e927c0bc8cded3da</a></li> 1236 <li><a href="https://git.musl-libc.org/cgit/musl/commit/?id=e5adcd97b5196e29991b524237381a0202a60659">https://git.musl-libc.org/cgit/musl/commit/?id=e5adcd97b5196e29991b524237381a0202a60659</a></li> 1237 <li><a href="https://www.openwall.com/lists/oss-security/2025/02/13/2">https://www.openwall.com/lists/oss-security/2025/02/13/2</a></li> 1238 <li><a href="http://www.openwall.com/lists/oss-security/2025/02/13/2">http://www.openwall.com/lists/oss-security/2025/02/13/2</a></li> 1239 <li><a href="http://www.openwall.com/lists/oss-security/2025/02/13/3">http://www.openwall.com/lists/oss-security/2025/02/13/3</a></li> 1240 <li><a href="http://www.openwall.com/lists/oss-security/2025/02/13/4">http://www.openwall.com/lists/oss-security/2025/02/13/4</a></li> 1241 <li><a href="http://www.openwall.com/lists/oss-security/2025/02/13/5">http://www.openwall.com/lists/oss-security/2025/02/13/5</a></li> 1242 <li><a href="http://www.openwall.com/lists/oss-security/2025/02/14/5">http://www.openwall.com/lists/oss-security/2025/02/14/5</a></li> 1243 <li><a href="http://www.openwall.com/lists/oss-security/2025/02/14/6">http://www.openwall.com/lists/oss-security/2025/02/14/6</a></li> 1244 </ul> 1245 1246 <hr/> 1247 1248 <div class="cta card__cta"> 1249 <p><a href="https://snyk.io/vuln/SNYK-ALPINE320-MUSL-8720638">More about this vulnerability</a></p> 1250 </div> 1251 1252 </div><!-- .card --> 1253 </div><!-- cards --> 1254 </div> 1255 </main><!-- .layout-stacked__content --> 1256 </body> 1257 1258 </html>