Created
September 12, 2023 11:37
-
-
Save tgerla/c88fee909b01ea8c677054675f923b55 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| tgerla@Timothys-MacBook-Pro-2 grype % grype -q alpine:3.7 -o json | go run cmd/grype/main.go explain --id CVE-2022-48174 | |
| CVE-2022-48174 from nvd:cpe (Critical) | |
| There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution. | |
| Matched packages: | |
| - Package: busybox, version: 1.27.2-r11 | |
| PURL: pkg:apk/alpine/busybox@1.27.2-r11?arch=aarch64&distro=alpine-3.7.3 | |
| Match explanation(s): | |
| - nvd:cpe:CVE-2022-48174 CPE match on `cpe:2.3:a:busybox:busybox:1.27.2-r11:*:*:*:*:*:*:*`. | |
| Locations: | |
| - /lib/apk/db/installed | |
| - Package: ssl_client, version: 1.27.2-r11 | |
| PURL: pkg:apk/alpine/ssl_client@1.27.2-r11?arch=aarch64&upstream=busybox&distro=alpine-3.7.3 | |
| Match explanation(s): | |
| - nvd:cpe:CVE-2022-48174 CPE match on `cpe:2.3:a:busybox:busybox:1.27.2-r11:*:*:*:*:*:*:*`. | |
| Locations: | |
| - /lib/apk/db/installed | |
| URLs: | |
| - https://nvd.nist.gov/vuln/detail/CVE-2022-48174 | |
| tgerla@Timothys-MacBook-Pro-2 grype % |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment