CNNVD-202602-596 Information

CNNVD ID

CNNVD-202602-596

CVE-2026-25122

  • CNNVD Published: 2026-02-04

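Description (translated from Chinese)

apko is an apk-based OCI image builder open-sourced by apko. apko versions from 0.14.8 up to, but not including, 1.1.0 contain a resource management error vulnerability. The vulnerability stems from the expandapk.Split function not setting explicit bounds when processing APK archives, which may lead to resource exhaustion.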

Description (English)

apko is an apk-based OCI image builder. apko versions from 0.14.8 up to, but not including, 1.1.0 contain a resource management error vulnerability. It arises because the expandapk.Split function does not set explicit bounds when handling APK archives, which may lead to resource exhaustion.

Hazard Level

High

Vulnerability Type

Resource management error

Affected Vendor

apko

Published

2026-02-04

Last Modified

2026-02-24

References

  • https://github.com/chainguard-dev/apko/security/advisories/GHSA-6p9p-q6wh-9j89
  • https://github.com/chainguard-dev/apko/commit/2be3903fe194ad46351840f0569b35f5ac965f09
  • https://access.redhat.com/security/cve/cve-2026-25122

Patch

https://github.com/chainguard-dev/apko/releases
