APK Heap Overflow Vulnerability: Remote Code Execution via Malicious APKINDEX.tar.gz

APK Heap Overflow Vulnerability: Remote Code Execution via Malicious APKINDEX.tar.gz

CVE-2017-9671 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker to cause a denial of service, or achieve code execution, by crafting a malicious APKINDEX.tar.gz file with a bad pax header block.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.