nats-2.14.2-alpine_linux_amd64

digest	`sha256:8c0cf827d557b41c5973875a2618eb886aa26d20921471f03ed1185702ad1cf2`
vulnerabilities
platform	linux/amd64
size	11 MB
packages	32

stdlib 1.26.3 (golang)

pkg:golang/stdlib@1.26.3

# 2.14.x/alpine3.22/Dockerfile (14:36)
RUN set -eux; \
    apkArch="$(apk --print-arch)"; \
    case "$apkArch" in \
    aarch64) natsArch='arm64'; sha256='15fd0c3438e7178e5316e63be68373ad581c8d78db26e649113aa303b74e5e58' ;; \
    armhf) natsArch='arm6'; sha256='1c2a2b9c52d9232b58ce092ba093c46c5da6f47b1ce9b1342e3ae9465de6e758' ;; \
    armv7) natsArch='arm7'; sha256='6bc20a6f439d72f71dae981ffe3430197eb6e64c0d2c6000b4b4b105904fbd3c' ;; \
    x86_64) natsArch='amd64'; sha256='b3e7b14eb10c895fd90c2dacdb6b65bd3208adcc9524dd7689ba2c1024e6b97a' ;; \
    x86) natsArch='386'; sha256='654a79c090daa27dc9bc638c09e28cb0bdbed5b24e075608357b475367d47edb' ;; \
    s390x) natsArch='s390x'; sha256='acb6081c49e101119fb35a3cb2d77e7970440e968583c61aedf6e64e4f5023d3' ;; \
    ppc64le) natsArch='ppc64le'; sha256='05733a36a22ece31a23059147fbb7a9b27bb86e9770ffb1b6ba7478603b75330' ;; \
    loong64) natsArch='loong64'; sha256='0a31d33cc3430ec9f2b51f789afee4a21fb5d28447d52c661acfd9ea46f5d7fb' ;; \
    *) echo >&2 "error: $apkArch is not supported!"; exit 1 ;; \
    esac; \
    \
    wget -O nats-server.tar.gz "https://github.com/nats-io/nats-server/releases/download/v${NATS_SERVER}/nats-server-v${NATS_SERVER}-linux-${natsArch}.tar.gz"; \
    echo "${sha256} *nats-server.tar.gz" | sha256sum -c -; \
    \
    apk add --no-cache ca-certificates tzdata; \
    \
    tar -xf nats-server.tar.gz; \
    rm nats-server.tar.gz; \
    mv "nats-server-v${NATS_SERVER}-linux-${natsArch}/nats-server" /usr/local/bin; \
    rm -rf "nats-server-v${NATS_SERVER}-linux-${natsArch}";

Affected range	`>=1.26.0-0 <1.26.4`
Fixed version	`1.26.4`
EPSS Score	`0.560%`
EPSS Percentile	`42nd percentile`

Description

Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU.

Affected range	`>=1.26.0-0 <1.26.4`
Fixed version	`1.26.4`
EPSS Score	`0.561%`
EPSS Percentile	`42nd percentile`

Description

(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname.

With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead occurred even for untrusted certificates.

Affected range	`>=1.26.0-0 <1.26.4`
Fixed version	`1.26.4`
EPSS Score	`0.370%`
EPSS Percentile	`29th percentile`

Description

When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged.

busybox 1.37.0-r20 (apk)

pkg:apk/alpine/busybox@1.37.0-r20?os_name=alpine&os_version=3.22

# 2.14.x/alpine3.22/Dockerfile (0:0)

Affected range	`<=1.37.0-r20`
Fixed version	Not Fixed
EPSS Score	`0.252%`
EPSS Percentile	`16th percentile`

Description