CVE-2017-9669

Published: 17/07/2017 Updated: 20/07/2017
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

A heap overflow in apk (Alpine Linux's package manager) allows a remote malicious user to cause a denial of service, or achieve code execution by crafting a malicious APKINDEX.tar.gz file.

Vulnerable Product

alpinelinux alpine linux -

Recent Articles

Don't panic, but Linux's Systemd can be pwned via an evil DNS query
The Register • Shaun Nichols in San Francisco • 29 Jun 2017

PS, Alpine users, you need to get patching, too – for other reasons

Systemd, the Linux world's favorite init monolith, can be potentially crashed or hijacked by malicious DNS servers. Patches are available to address the security flaw, and should be installed ASAP if you're affected. Looking up a hostname from a vulnerable Systemd-powered PC, handheld, gizmo or server can be enough to trigger an attack by an evil DNS service: the software's resolved component can be fooled into allocating too little memory for a lookup response, and when a large reply is eventua...