| Project | docker-image\|public.ecr.aws/docker/library/redis |
|---|---|
| Path | public.ecr.aws/docker/library/redis:8.2.2-alpine/docker/library/redis |
| Package Manager | apk |

CVE-2025-46394
NVD Description
Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine.
See How to fix? for Alpine:3.22 relevant fixed versions and status.
In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.
Remediation
Upgrade Alpine:3.22 busybox to version 1.37.0-r20 or higher.
References
- https://bugs.busybox.net/show_bug.cgi?id=16018
- https://www.busybox.net
- https://www.busybox.net/downloads/
- http://www.openwall.com/lists/oss-security/2025/04/23/5
- http://www.openwall.com/lists/oss-security/2025/04/24/3
CVE-2024-58251
NVD Description
Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine.
See How to fix? for Alpine:3.22 relevant fixed versions and status.
In netstat in BusyBox through 1.37.0, local users can launch a network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.
Remediation
Upgrade Alpine:3.22 busybox to version 1.37.0-r20 or higher.
References
- https://bugs.busybox.net/show_bug.cgi?id=15922
- https://www.busybox.net
- https://www.busybox.net/downloads/
- http://www.openwall.com/lists/oss-security/2025/04/23/6