alpinelinux / docker-alpine

Official Alpine Linux Docker image. Win at minimalism!
MIT License

CVE-2022-1304 (Out-of-bounds Read) e2fsprogs <1.46.6-r0 #307

Open Joshua-Igoni opened 1 year ago

Joshua-Igoni commented 1 year ago

Snyk vulnerability scan picks this up as 'high-severity' when scanning our images. It seems to be a package in alpine3.17, and that is the base image for python:3.10-alpine, which we use for our builds. Even after upgrading it to the latest in the Dockerfile, it still doesn't pass the scan.

ENVIRONMENT.

STEPS TO REPRODUCE

felipegouveiae commented 1 year ago

Running apk update && apk upgrade solved the issue for me.
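
An added example, not part of the thread or of the Alpine project's code: a check that every package built from e2fsprogs in an image has reached the fixed version named in the issue title after an upgrade. It reads the apk installed-package database (/lib/apk/db/installed, fields P:, V: and o:); the sample records are constructed, and the version comparison is a simplification that handles only numeric components and the -rN release.

```python
import re

FIXED = "1.46.6-r0"   # fixed version, taken from the issue title
ORIGIN = "e2fsprogs"  # source package named in the issue title

# Constructed sample in the layout of /lib/apk/db/installed (not from a real image).
SAMPLE_DB = """\
P:e2fsprogs-libs
V:1.46.5-r4
o:e2fsprogs

P:libcom_err
V:1.46.6-r0
o:e2fsprogs

P:musl
V:1.2.3-r4
o:musl
"""

def parse_installed(text):
    """Yield (name, version, origin) for each blank-line-separated record."""
    for record in text.strip().split("\n\n"):
        fields = dict(line.split(":", 1) for line in record.splitlines() if ":" in line)
        if "P" in fields and "V" in fields:
            # Fall back to the package name when no origin field is present.
            yield fields["P"], fields["V"], fields.get("o", fields["P"])

def version_key(version):
    """Simplified sort key: dotted numeric part plus -rN; letters and _rc/_p suffixes are ignored."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)[^-]*(?:-r(\d+))?", version)
    if not m:
        raise ValueError(f"unsupported version: {version}")
    return tuple(int(p) for p in m.group(1).split(".")), int(m.group(2) or 0)

def still_vulnerable(db_text, origin=ORIGIN, fixed=FIXED):
    """Return [(package, version)] built from `origin` that are older than `fixed`."""
    return [(n, v) for n, v, o in parse_installed(db_text)
            if o == origin and version_key(v) < version_key(fixed)]

if __name__ == "__main__":
    import sys
    # Pass a copy of the image's /lib/apk/db/installed, or run on the constructed sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_DB
    for name, ver in still_vulnerable(text):
        print(f"{name} {ver} is older than {FIXED}")
```

Matching on the origin field rather than the package name also catches subpackages whose names differ from the source package.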