Snyk - Open Source Security

Snyk test report

September 7th 2022, 7:37:46 pm

Scanned the following path:
  • redis:6.2.7-alpine (apk)
1 known vulnerabilities
2 vulnerable dependency paths
17 dependencies
Project docker-image|redis
Path redis:6.2.7-alpine
Package Manager apk

Out-of-bounds Write

critical severity

  • Package Manager: alpine:3.16
  • Vulnerable module: zlib/zlib
  • Introduced through: docker-image|redis@6.2.7-alpine and zlib/zlib@1.2.12-r1

Detailed paths

  • Introduced through: docker-image|redis@6.2.7-alpine zlib/zlib@1.2.12-r1
  • Introduced through: docker-image|redis@6.2.7-alpine apk-tools/apk-tools@2.12.9-r3 zlib/zlib@1.2.12-r1

NVD Description

Note: Versions mentioned in the description apply to the upstream zlib package. See How to fix? for Alpine:3.16 relevant versions.

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).


Upgrade Alpine:3.16 zlib to version 1.2.12-r2 or higher.