CVE-2018-1000849

{"id": "CVE-2018-1000849", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2018-12-20T15:29:02.347", "references": [{"url": "https://alpinelinux.org/posts/Alpine-3.8.1-released.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://git.alpinelinux.org/cgit/apk-tools/commit/?id=6484ed9849f03971eb48ee1fdc21a2f128247eb1", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://justi.cz/security/2018/09/13/alpine-apk-rce.html", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Alpine Linux version Versions prior to 2.6.10, 2.7.6, and 2.10.1 contains a Other/Unknown vulnerability in apk-tools (Alpine Linux' package manager) that can result in Remote Code Execution. This attack appear to be exploitable via A specially crafted APK-file can cause apk to write arbitrary data to an attacker-specified file, due to bugs in handling long link target name and the way a regular file is extracted.. This vulnerability appears to have been fixed in 2.6.10, 2.7.6, and 2.10.1."}, {"lang": "es", "value": "Alpine Linux, en versiones anteriores a la 2.6.10, 2.7.6 y 2.10.1, contiene una vulnerabilidad desconocida en apk-tools (el gestor de paquetes de Alpine Linux) que puede resultar en la ejecuci\u00f3n remota de c\u00f3digo. Este ataque parece ser explotable mediante un archivo APK especialmente manipulado, que puede provocar que la apk escriba datos arbitrarios en un archivo especificado por el atacante, debido a errores en el manejo de un nombre largo objetivo y la forma en la que se extrae un archivo normal. La vulnerabilidad parece haber sido solucionada en las versiones 2.6.10, 2.7.6 y 2.10.1."}], "lastModified": "2020-03-18T14:52:58.977", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:alpinelinux:alpine_linux:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81A95F39-06AF-400D-AEA2-A290A4EEFF85", "versionEndExcluding": "2.6.10"}, {"criteria": "cpe:2.3:o:alpinelinux:alpine_linux:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1ED0AD4B-6C38-441A-9FA5-2A65267AD0F0", "versionEndExcluding": "2.7.6", "versionStartIncluding": "2.7.0"}, {"criteria": "cpe:2.3:o:alpinelinux:alpine_linux:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8FF27524-3004-43AE-8BE4-06AC56E28247", "versionEndExcluding": "2.10.1", "versionStartIncluding": "2.7.7"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}