VYPR

apk package

chainguard/heartbeat-fips-8.17

pkg:apk/chainguard/heartbeat-fips-8.17

Vulnerabilities (44)

  • CVE-2025-61723Oct 29, 2025
    affected < 8.17.10-r2fixed 8.17.10-r2

    The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.

  • CVE-2025-58189Oct 29, 2025
    affected < 8.17.10-r2fixed 8.17.10-r2

    When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.

  • CVE-2025-58187Oct 29, 2025
    affected < 8.17.10-r2fixed 8.17.10-r2

    Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.

  • CVE-2023-49922Dec 12, 2023
    affected < 0fixed 0

    An issue was discovered by Elastic whereby Beats and Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Beats or

Page 3 of 3