CNNVD-202602-595 Information

CNNVD ID

CNNVD-202602-595

CVE-2026-25140

  • CNNVD Published: 2026-02-04

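Description (translated from Chinese)

apko is an open-source, apk-based OCI image builder from apko. apko versions from 0.14.8 up to, but not including, 1.1.1 contain a resource management error vulnerability. It stems from the ExpandApk function not enforcing decompression limits, and may lead to resource exhaustion, build failure, or denial of service.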

Description (English)

apko is an apk-based OCI image builder. apko versions from 0.14.8 up to, but not including, 1.1.1 contain a resource management error vulnerability, which stems from the ExpandApk function's failure to enforce decompression limits and could lead to resource exhaustion, build failure, or denial of service.

Hazard Level

High

Vulnerability Type

Resource management error

Affected Vendor

apko

Published

2026-02-04

Last Modified

2026-02-24

References

  • https://github.com/chainguard-dev/apko/security/advisories/GHSA-f4w5-5xv9-85f6
  • https://github.com/chainguard-dev/apko/commit/2be3903fe194ad46351840f0569b35f5ac965f09
  • https://access.redhat.com/security/cve/cve-2026-25140

Patch

https://github.com/chainguard-dev/apko/releases
