Snyk - Open Source Security

Snyk test report

September 7th 2022, 7:39:41 pm

Scanned the following path:
  • redis:6.2.7-alpine (apk)
1 known vulnerability
2 vulnerable dependency paths
17 dependencies

Project: docker-image|redis
Path: redis:6.2.7-alpine
Package Manager: apk

Out-of-bounds Write

critical severity

  • Package Manager: alpine:3.16
  • Vulnerable module: zlib/zlib
  • Introduced through: docker-image|redis@6.2.7-alpine and zlib/zlib@1.2.12-r1

Detailed paths

  • Introduced through: docker-image|redis@6.2.7-alpine > zlib/zlib@1.2.12-r1
  • Introduced through: docker-image|redis@6.2.7-alpine > apk-tools/apk-tools@2.12.9-r3 > zlib/zlib@1.2.12-r1

NVD Description

Note: Versions mentioned in the description apply to the upstream zlib package. See How to fix? for Alpine:3.16 relevant versions.

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).

Remediation

Upgrade Alpine:3.16 zlib to version 1.2.12-r2 or higher.

References