Vulnerabilites related to debian - dpkg
CVE-2015-0860 (GCVE-0-2015-0860)
Vulnerability from cvelistv5
Published
2015-12-03 20:00
Modified
2024-08-06 04:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which triggers a stack-based buffer overflow.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:26:11.051Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798324"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://anonscm.debian.org/cgit/dpkg/dpkg.git/commit/dpkg-deb/extract.c?id=e65aa3db04eb908c9507d5d356a95cedb890814d"
},
{
"name": "GLSA-201612-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201612-07"
},
{
"name": "DSA-3407",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3407"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.fuzzing-project.org/30-Stack-overflows-and-out-of-bounds-read-in-dpkg-Debian.html"
},
{
"name": "USN-2820-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2820-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an \"old-style\" Debian binary package, which triggers a stack-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T16:57:01",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798324"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://anonscm.debian.org/cgit/dpkg/dpkg.git/commit/dpkg-deb/extract.c?id=e65aa3db04eb908c9507d5d356a95cedb890814d"
},
{
"name": "GLSA-201612-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201612-07"
},
{
"name": "DSA-3407",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3407"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.fuzzing-project.org/30-Stack-overflows-and-out-of-bounds-read-in-dpkg-Debian.html"
},
{
"name": "USN-2820-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2820-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2015-0860",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an \"old-style\" Debian binary package, which triggers a stack-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798324",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798324"
},
{
"name": "https://anonscm.debian.org/cgit/dpkg/dpkg.git/commit/dpkg-deb/extract.c?id=e65aa3db04eb908c9507d5d356a95cedb890814d",
"refsource": "CONFIRM",
"url": "https://anonscm.debian.org/cgit/dpkg/dpkg.git/commit/dpkg-deb/extract.c?id=e65aa3db04eb908c9507d5d356a95cedb890814d"
},
{
"name": "GLSA-201612-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201612-07"
},
{
"name": "DSA-3407",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3407"
},
{
"name": "https://blog.fuzzing-project.org/30-Stack-overflows-and-out-of-bounds-read-in-dpkg-Debian.html",
"refsource": "MISC",
"url": "https://blog.fuzzing-project.org/30-Stack-overflows-and-out-of-bounds-read-in-dpkg-Debian.html"
},
{
"name": "USN-2820-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2820-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2015-0860",
"datePublished": "2015-12-03T20:00:00",
"dateReserved": "2015-01-07T00:00:00",
"dateUpdated": "2024-08-06T04:26:11.051Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0396 (GCVE-0-2010-0396)
Vulnerability from cvelistv5
Published
2010-03-12 20:00
Modified
2024-08-07 00:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in the dpkg-source component in dpkg before 1.14.29 allows remote attackers to modify arbitrary files via a crafted Debian source archive.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:45:12.234Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-2011",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-2011"
},
{
"name": "dpkg-dpkgsource-dir-traversal(56887)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56887"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29.tar.gz"
},
{
"name": "ADV-2010-0582",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0582"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-03-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the dpkg-source component in dpkg before 1.14.29 allows remote attackers to modify arbitrary files via a crafted Debian source archive."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-2011",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-2011"
},
{
"name": "dpkg-dpkgsource-dir-traversal(56887)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56887"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29.tar.gz"
},
{
"name": "ADV-2010-0582",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0582"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0396",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the dpkg-source component in dpkg before 1.14.29 allows remote attackers to modify arbitrary files via a crafted Debian source archive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-2011",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2011"
},
{
"name": "dpkg-dpkgsource-dir-traversal(56887)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56887"
},
{
"name": "http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29.tar.gz",
"refsource": "CONFIRM",
"url": "http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29.tar.gz"
},
{
"name": "ADV-2010-0582",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0582"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0396",
"datePublished": "2010-03-12T20:00:00",
"dateReserved": "2010-01-27T00:00:00",
"dateUpdated": "2024-08-07T00:45:12.234Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2768 (GCVE-0-2004-2768)
Vulnerability from cvelistv5
Published
2010-06-08 18:00
Modified
2024-08-08 01:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
dpkg 1.9.21 does not properly reset the metadata of a file during replacement of the file in a package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid file, (2) setgid file, or (3) device, a related issue to CVE-2010-2059.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:36:25.375Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "dpkg-setgid-privilege-escalation(59428)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59428"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.hackinglinuxexposed.com/articles/20031214.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=225692"
},
{
"name": "[isn] 20031215 The mysteriously persistently exploitable program explained.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.jammed.com/ISN/2003/12/0056.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=598775"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-03-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "dpkg 1.9.21 does not properly reset the metadata of a file during replacement of the file in a package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid file, (2) setgid file, or (3) device, a related issue to CVE-2010-2059."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "dpkg-setgid-privilege-escalation(59428)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59428"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.hackinglinuxexposed.com/articles/20031214.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=225692"
},
{
"name": "[isn] 20031215 The mysteriously persistently exploitable program explained.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.jammed.com/ISN/2003/12/0056.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=598775"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2768",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "dpkg 1.9.21 does not properly reset the metadata of a file during replacement of the file in a package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid file, (2) setgid file, or (3) device, a related issue to CVE-2010-2059."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "dpkg-setgid-privilege-escalation(59428)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59428"
},
{
"name": "http://www.hackinglinuxexposed.com/articles/20031214.html",
"refsource": "MISC",
"url": "http://www.hackinglinuxexposed.com/articles/20031214.html"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=225692",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=225692"
},
{
"name": "[isn] 20031215 The mysteriously persistently exploitable program explained.",
"refsource": "MLIST",
"url": "http://lists.jammed.com/ISN/2003/12/0056.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=598775",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=598775"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2768",
"datePublished": "2010-06-08T18:00:00",
"dateReserved": "2010-06-08T00:00:00",
"dateUpdated": "2024-08-08T01:36:25.375Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-8625 (GCVE-0-2014-8625)
Vulnerability from cvelistv5
Published
2015-01-20 15:00
Modified
2024-08-06 13:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:26:02.476Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20141106 Re: CVE-Request: dpkg handling of \u0027control\u0027 and warnings format string vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q4/551"
},
{
"name": "dpkg-format-sting(98551)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98551"
},
{
"name": "FEDORA-2015-6974",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157387.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768485"
},
{
"name": "[oss-security] 20141106 CVE-Request: dpkg handling of \u0027control\u0027 and warnings format string vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q4/539"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/1389135"
},
{
"name": "[oss-security] 20141106 Re: CVE-Request: dpkg handling of \u0027control\u0027 and warnings format string vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q4/622"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20141106 Re: CVE-Request: dpkg handling of \u0027control\u0027 and warnings format string vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q4/551"
},
{
"name": "dpkg-format-sting(98551)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98551"
},
{
"name": "FEDORA-2015-6974",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157387.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768485"
},
{
"name": "[oss-security] 20141106 CVE-Request: dpkg handling of \u0027control\u0027 and warnings format string vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q4/539"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/1389135"
},
{
"name": "[oss-security] 20141106 Re: CVE-Request: dpkg handling of \u0027control\u0027 and warnings format string vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q4/622"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8625",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20141106 Re: CVE-Request: dpkg handling of \u0027control\u0027 and warnings format string vulnerability",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q4/551"
},
{
"name": "dpkg-format-sting(98551)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98551"
},
{
"name": "FEDORA-2015-6974",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157387.html"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768485",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768485"
},
{
"name": "[oss-security] 20141106 CVE-Request: dpkg handling of \u0027control\u0027 and warnings format string vulnerability",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q4/539"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/1389135",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/1389135"
},
{
"name": "[oss-security] 20141106 Re: CVE-Request: dpkg handling of \u0027control\u0027 and warnings format string vulnerability",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q4/622"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-8625",
"datePublished": "2015-01-20T15:00:00",
"dateReserved": "2014-11-06T00:00:00",
"dateUpdated": "2024-08-06T13:26:02.476Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8283 (GCVE-0-2017-8283)
Vulnerability from cvelistv5
Published
2017-04-26 05:28
Modified
2024-08-05 16:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:34:21.674Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "98064",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98064"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/04/20/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-04-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-01T09:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "98064",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98064"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openwall.com/lists/oss-security/2017/04/20/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8283",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98064",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98064"
},
{
"name": "http://www.openwall.com/lists/oss-security/2017/04/20/2",
"refsource": "CONFIRM",
"url": "http://www.openwall.com/lists/oss-security/2017/04/20/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-8283",
"datePublished": "2017-04-26T05:28:00",
"dateReserved": "2017-04-25T00:00:00",
"dateUpdated": "2024-08-05T16:34:21.674Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3227 (GCVE-0-2014-3227)
Vulnerability from cvelistv5
Published
2014-05-30 18:00
Modified
2024-08-06 10:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
dpkg 1.15.9, 1.16.x before 1.16.14, and 1.17.x before 1.17.9 expect the patch program to be compliant with a need for the "C-style encoded filenames" feature, but is supported in environments with noncompliant patch programs, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this vulnerability exists because of reliance on unrealistic constraints on the behavior of an external program.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:35:57.130Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20140529 Re: CVE request: another path traversal in dpkg-source during unpack",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2014/05/29/16"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306"
},
{
"name": "[oss-security] 20140429 CVE request: directory traversal in DSA-2915-1-patched dpkg in Debian squeeze",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2014/04/29/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "dpkg 1.15.9, 1.16.x before 1.16.14, and 1.17.x before 1.17.9 expect the patch program to be compliant with a need for the \"C-style encoded filenames\" feature, but is supported in environments with noncompliant patch programs, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this vulnerability exists because of reliance on unrealistic constraints on the behavior of an external program."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-05-30T18:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20140529 Re: CVE request: another path traversal in dpkg-source during unpack",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2014/05/29/16"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306"
},
{
"name": "[oss-security] 20140429 CVE request: directory traversal in DSA-2915-1-patched dpkg in Debian squeeze",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2014/04/29/4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3227",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "dpkg 1.15.9, 1.16.x before 1.16.14, and 1.17.x before 1.17.9 expect the patch program to be compliant with a need for the \"C-style encoded filenames\" feature, but is supported in environments with noncompliant patch programs, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this vulnerability exists because of reliance on unrealistic constraints on the behavior of an external program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140529 Re: CVE request: another path traversal in dpkg-source during unpack",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/05/29/16"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306"
},
{
"name": "[oss-security] 20140429 CVE request: directory traversal in DSA-2915-1-patched dpkg in Debian squeeze",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/04/29/4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3227",
"datePublished": "2014-05-30T18:00:00",
"dateReserved": "2014-05-06T00:00:00",
"dateUpdated": "2024-08-06T10:35:57.130Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0402 (GCVE-0-2011-0402)
Vulnerability from cvelistv5
Published
2011-01-11 01:00
Modified
2024-08-06 21:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via a symlink attack on unspecified files in the .pc directory.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:51:09.064Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "42831",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42831"
},
{
"name": "FEDORA-2011-0345",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053311.html"
},
{
"name": "dpkg-dpkgsource-symlink(64614)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64614"
},
{
"name": "42826",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42826"
},
{
"name": "FEDORA-2011-0362",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053306.html"
},
{
"name": "USN-1038-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1038-1"
},
{
"name": "70367",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/70367"
},
{
"name": "ADV-2011-0040",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0040"
},
{
"name": "45703",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45703"
},
{
"name": "DSA-2142",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2142"
},
{
"name": "43054",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43054"
},
{
"name": "ADV-2011-0044",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0044"
},
{
"name": "ADV-2011-0196",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0196"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-01-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via a symlink attack on unspecified files in the .pc directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "42831",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42831"
},
{
"name": "FEDORA-2011-0345",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053311.html"
},
{
"name": "dpkg-dpkgsource-symlink(64614)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64614"
},
{
"name": "42826",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42826"
},
{
"name": "FEDORA-2011-0362",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053306.html"
},
{
"name": "USN-1038-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1038-1"
},
{
"name": "70367",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/70367"
},
{
"name": "ADV-2011-0040",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0040"
},
{
"name": "45703",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45703"
},
{
"name": "DSA-2142",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2142"
},
{
"name": "43054",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43054"
},
{
"name": "ADV-2011-0044",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0044"
},
{
"name": "ADV-2011-0196",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0196"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0402",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via a symlink attack on unspecified files in the .pc directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42831",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42831"
},
{
"name": "FEDORA-2011-0345",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053311.html"
},
{
"name": "dpkg-dpkgsource-symlink(64614)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64614"
},
{
"name": "42826",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42826"
},
{
"name": "FEDORA-2011-0362",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053306.html"
},
{
"name": "USN-1038-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1038-1"
},
{
"name": "70367",
"refsource": "OSVDB",
"url": "http://osvdb.org/70367"
},
{
"name": "ADV-2011-0040",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0040"
},
{
"name": "45703",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45703"
},
{
"name": "DSA-2142",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2142"
},
{
"name": "43054",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43054"
},
{
"name": "ADV-2011-0044",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0044"
},
{
"name": "ADV-2011-0196",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0196"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0402",
"datePublished": "2011-01-11T01:00:00",
"dateReserved": "2011-01-10T00:00:00",
"dateUpdated": "2024-08-06T21:51:09.064Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6297 (GCVE-0-2025-6297)
Vulnerability from cvelistv5
Published
2025-07-01 16:16
Modified
2025-07-01 17:30
Severity ?
VLAI Severity ?
EPSS score ?
Summary
It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is
documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on
adversarial .deb packages or with well compressible files, placed
inside a directory with permissions not allowing removal by a non-root
user, this can end up in a DoS scenario due to causing disk quota
exhaustion or disk full conditions.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-6297",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-01T17:30:21.146019Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T17:30:37.332Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "dpkg",
"vendor": "Debian",
"versions": [
{
"lessThan": "ed6bbd445dd8800308c67236ba35d08004c98e82",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is\ndocumented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on\nadversarial .deb packages or with well compressible files, placed\ninside a directory with permissions not allowing removal by a non-root\nuser, this can end up in a DoS scenario due to causing disk quota\nexhaustion or disk full conditions.\u003cbr\u003e"
}
],
"value": "It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is\ndocumented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on\nadversarial .deb packages or with well compressible files, placed\ninside a directory with permissions not allowing removal by a non-root\nuser, this can end up in a DoS scenario due to causing disk quota\nexhaustion or disk full conditions."
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T17:21:05.050Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=ed6bbd445dd8800308c67236ba35d08004c98e82"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "dpkg-deb: Fix cleanup for control member with restricted directories",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2025-6297",
"datePublished": "2025-07-01T16:16:54.624Z",
"dateReserved": "2025-06-19T07:40:18.350Z",
"dateUpdated": "2025-07-01T17:30:37.332Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3127 (GCVE-0-2014-3127)
Vulnerability from cvelistv5
Published
2014-05-14 00:00
Modified
2024-08-06 10:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
dpkg 1.15.9 on Debian squeeze introduces support for the "C-style encoded filenames" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this can be considered a release engineering problem in the effort to fix CVE-2014-0471.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:35:57.031Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://metadata.ftp-master.debian.org/changelogs//main/d/dpkg/dpkg_1.15.10_changelog"
},
{
"name": "[oss-security] 20140429 CVE request: directory traversal in DSA-2915-1-patched dpkg in Debian squeeze",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q2/191"
},
{
"name": "[oss-security] 20140501 Re: CVE request: directory traversal in DSA-2915-1-patched dpkg in Debian squeeze",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q2/227"
},
{
"name": "67181",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67181"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "dpkg 1.15.9 on Debian squeeze introduces support for the \"C-style encoded filenames\" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this can be considered a release engineering problem in the effort to fix CVE-2014-0471."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-05-30T17:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://metadata.ftp-master.debian.org/changelogs//main/d/dpkg/dpkg_1.15.10_changelog"
},
{
"name": "[oss-security] 20140429 CVE request: directory traversal in DSA-2915-1-patched dpkg in Debian squeeze",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q2/191"
},
{
"name": "[oss-security] 20140501 Re: CVE request: directory traversal in DSA-2915-1-patched dpkg in Debian squeeze",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q2/227"
},
{
"name": "67181",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67181"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3127",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "dpkg 1.15.9 on Debian squeeze introduces support for the \"C-style encoded filenames\" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this can be considered a release engineering problem in the effort to fix CVE-2014-0471."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306"
},
{
"name": "http://metadata.ftp-master.debian.org/changelogs//main/d/dpkg/dpkg_1.15.10_changelog",
"refsource": "CONFIRM",
"url": "http://metadata.ftp-master.debian.org/changelogs//main/d/dpkg/dpkg_1.15.10_changelog"
},
{
"name": "[oss-security] 20140429 CVE request: directory traversal in DSA-2915-1-patched dpkg in Debian squeeze",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q2/191"
},
{
"name": "[oss-security] 20140501 Re: CVE request: directory traversal in DSA-2915-1-patched dpkg in Debian squeeze",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q2/227"
},
{
"name": "67181",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67181"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3127",
"datePublished": "2014-05-14T00:00:00",
"dateReserved": "2014-04-29T00:00:00",
"dateUpdated": "2024-08-06T10:35:57.031Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1664 (GCVE-0-2022-1664)
Vulnerability from cvelistv5
Published
2022-05-26 08:20
Modified
2024-09-17 02:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- directory traversal
Summary
Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.819Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=7a6c03cb34d4a09f35df2f10779cbf1b70a5200b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=58814cacee39c4ce9e2cd0e3a3b9b57ad437eff5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=1f23dddc17f69c9598477098c7fb9936e15fa495"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=faa4c92debe45412bfcf8a44f26e827800bb24be"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-security-announce/2022/msg00115.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00033.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20221007-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "dpkg",
"vendor": "Debian",
"versions": [
{
"changes": [
{
"at": "1.20.10",
"status": "unaffected"
},
{
"at": "1.19.8",
"status": "unaffected"
},
{
"at": "1.18.26",
"status": "unaffected"
}
],
"lessThan": "1.21.8",
"status": "affected",
"version": "1.14.17",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-05-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-07T00:00:00",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=7a6c03cb34d4a09f35df2f10779cbf1b70a5200b"
},
{
"url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=58814cacee39c4ce9e2cd0e3a3b9b57ad437eff5"
},
{
"url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=1f23dddc17f69c9598477098c7fb9936e15fa495"
},
{
"url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=faa4c92debe45412bfcf8a44f26e827800bb24be"
},
{
"url": "https://lists.debian.org/debian-security-announce/2022/msg00115.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00033.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221007-0002/"
}
],
"source": {
"advisory": "https://lists.debian.org/debian-security-announce/2022/msg00115.html",
"defect": [
"DSA-5147-1"
],
"discovery": "EXTERNAL"
},
"title": "directory traversal for in-place extracts with untrusted v2 and v3 source packages with debian.tar",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2022-1664",
"datePublished": "2022-05-26T08:20:15.198129Z",
"dateReserved": "2022-05-10T00:00:00",
"dateUpdated": "2024-09-17T02:16:10.760Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0471 (GCVE-0-2014-0471)
Vulnerability from cvelistv5
Published
2014-04-30 14:00
Modified
2024-08-06 09:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to "C-style filename quoting."
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:20:17.946Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-2915",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2915"
},
{
"name": "67106",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67106"
},
{
"name": "USN-2183-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2183-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to \"C-style filename quoting.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-06-02T14:57:00",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "DSA-2915",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2915"
},
{
"name": "67106",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67106"
},
{
"name": "USN-2183-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2183-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2014-0471",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to \"C-style filename quoting.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-2915",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2915"
},
{
"name": "67106",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67106"
},
{
"name": "USN-2183-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2183-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2014-0471",
"datePublished": "2014-04-30T14:00:00",
"dateReserved": "2013-12-19T00:00:00",
"dateUpdated": "2024-08-06T09:20:17.946Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1679 (GCVE-0-2010-1679)
Vulnerability from cvelistv5
Published
2011-01-11 01:00
Modified
2024-08-07 01:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via directory traversal sequences in a patch for a source-format 3.0 package.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:35:52.662Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "42831",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42831"
},
{
"name": "FEDORA-2011-0345",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053311.html"
},
{
"name": "42826",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42826"
},
{
"name": "FEDORA-2011-0362",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053306.html"
},
{
"name": "dpkg-dpkgsource-directory-traversal(64615)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64615"
},
{
"name": "USN-1038-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1038-1"
},
{
"name": "ADV-2011-0040",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0040"
},
{
"name": "45703",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45703"
},
{
"name": "DSA-2142",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2142"
},
{
"name": "70368",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/70368"
},
{
"name": "43054",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43054"
},
{
"name": "ADV-2011-0044",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0044"
},
{
"name": "ADV-2011-0196",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0196"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-01-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via directory traversal sequences in a patch for a source-format 3.0 package."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "42831",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42831"
},
{
"name": "FEDORA-2011-0345",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053311.html"
},
{
"name": "42826",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42826"
},
{
"name": "FEDORA-2011-0362",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053306.html"
},
{
"name": "dpkg-dpkgsource-directory-traversal(64615)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64615"
},
{
"name": "USN-1038-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1038-1"
},
{
"name": "ADV-2011-0040",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0040"
},
{
"name": "45703",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45703"
},
{
"name": "DSA-2142",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2142"
},
{
"name": "70368",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/70368"
},
{
"name": "43054",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43054"
},
{
"name": "ADV-2011-0044",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0044"
},
{
"name": "ADV-2011-0196",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0196"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1679",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via directory traversal sequences in a patch for a source-format 3.0 package."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42831",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42831"
},
{
"name": "FEDORA-2011-0345",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053311.html"
},
{
"name": "42826",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42826"
},
{
"name": "FEDORA-2011-0362",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053306.html"
},
{
"name": "dpkg-dpkgsource-directory-traversal(64615)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64615"
},
{
"name": "USN-1038-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1038-1"
},
{
"name": "ADV-2011-0040",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0040"
},
{
"name": "45703",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45703"
},
{
"name": "DSA-2142",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2142"
},
{
"name": "70368",
"refsource": "OSVDB",
"url": "http://osvdb.org/70368"
},
{
"name": "43054",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43054"
},
{
"name": "ADV-2011-0044",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0044"
},
{
"name": "ADV-2011-0196",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0196"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1679",
"datePublished": "2011-01-11T01:00:00",
"dateReserved": "2010-04-30T00:00:00",
"dateUpdated": "2024-08-07T01:35:52.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0840 (GCVE-0-2015-0840)
Vulnerability from cvelistv5
Published
2015-04-13 14:00
Modified
2024-08-06 04:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc).
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:26:10.605Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-2566-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2566-1"
},
{
"name": "FEDORA-2015-6974",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157387.html"
},
{
"name": "openSUSE-SU-2015:1058",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-06/msg00029.html"
},
{
"name": "DSA-3217",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3217"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-30T15:57:01",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "USN-2566-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2566-1"
},
{
"name": "FEDORA-2015-6974",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157387.html"
},
{
"name": "openSUSE-SU-2015:1058",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-06/msg00029.html"
},
{
"name": "DSA-3217",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3217"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2015-0840",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2566-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2566-1"
},
{
"name": "FEDORA-2015-6974",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157387.html"
},
{
"name": "openSUSE-SU-2015:1058",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-06/msg00029.html"
},
{
"name": "DSA-3217",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3217"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2015-0840",
"datePublished": "2015-04-13T14:00:00",
"dateReserved": "2015-01-07T00:00:00",
"dateUpdated": "2024-08-06T04:26:10.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2015-12-03 20:59
Modified
2025-04-12 10:46
Severity ?
Summary
Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which triggers a stack-based buffer overflow.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@debian.org | http://www.debian.org/security/2015/dsa-3407 | Vendor Advisory | |
| security@debian.org | http://www.ubuntu.com/usn/USN-2820-1 | ||
| security@debian.org | https://anonscm.debian.org/cgit/dpkg/dpkg.git/commit/dpkg-deb/extract.c?id=e65aa3db04eb908c9507d5d356a95cedb890814d | ||
| security@debian.org | https://blog.fuzzing-project.org/30-Stack-overflows-and-out-of-bounds-read-in-dpkg-Debian.html | ||
| security@debian.org | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798324 | ||
| security@debian.org | https://security.gentoo.org/glsa/201612-07 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2015/dsa-3407 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-2820-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://anonscm.debian.org/cgit/dpkg/dpkg.git/commit/dpkg-deb/extract.c?id=e65aa3db04eb908c9507d5d356a95cedb890814d | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.fuzzing-project.org/30-Stack-overflows-and-out-of-bounds-read-in-dpkg-Debian.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798324 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201612-07 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 15.04 | |
| canonical | ubuntu_linux | 15.10 | |
| debian | dpkg | 1.16.0 | |
| debian | dpkg | 1.16.0.1 | |
| debian | dpkg | 1.16.0.2 | |
| debian | dpkg | 1.16.0.3 | |
| debian | dpkg | 1.16.1 | |
| debian | dpkg | 1.16.1.1 | |
| debian | dpkg | 1.16.1.2 | |
| debian | dpkg | 1.16.2 | |
| debian | dpkg | 1.16.3 | |
| debian | dpkg | 1.16.4 | |
| debian | dpkg | 1.16.4.1 | |
| debian | dpkg | 1.16.4.2 | |
| debian | dpkg | 1.16.4.3 | |
| debian | dpkg | 1.16.5 | |
| debian | dpkg | 1.16.6 | |
| debian | dpkg | 1.16.7 | |
| debian | dpkg | 1.16.8 | |
| debian | dpkg | 1.16.9 | |
| debian | dpkg | 1.16.10 | |
| debian | dpkg | 1.16.11 | |
| debian | dpkg | 1.16.12 | |
| debian | dpkg | 1.16.15 | |
| debian | dpkg | 1.17.0 | |
| debian | dpkg | 1.17.1 | |
| debian | dpkg | 1.17.2 | |
| debian | dpkg | 1.17.3 | |
| debian | dpkg | 1.17.4 | |
| debian | dpkg | 1.17.5 | |
| debian | dpkg | 1.17.6 | |
| debian | dpkg | 1.17.7 | |
| debian | dpkg | 1.17.8 | |
| debian | dpkg | 1.17.9 | |
| debian | dpkg | 1.17.10 | |
| debian | dpkg | 1.17.11 | |
| debian | dpkg | 1.17.12 | |
| debian | dpkg | 1.17.13 | |
| debian | dpkg | 1.17.14 | |
| debian | dpkg | 1.17.15 | |
| debian | dpkg | 1.17.16 | |
| debian | dpkg | 1.17.17 | |
| debian | dpkg | 1.17.18 | |
| debian | dpkg | 1.17.19 | |
| debian | dpkg | 1.17.20 | |
| debian | dpkg | 1.17.21 | |
| debian | dpkg | 1.17.22 | |
| debian | dpkg | 1.17.23 | |
| debian | dpkg | 1.17.24 | |
| debian | dpkg | 1.17.25 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
"matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "60B76474-A71E-4BEA-880B-88A8F0E9E79D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5918D066-8950-44D5-9F14-72C499F9F40A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "623BF341-D9EC-43DF-BA62-D45FDC1FE4E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D6692AB-7927-4D4B-8E11-EA9B7B93836C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B6EE875E-DEC4-443C-8921-B4658CA2B2C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4BDD2CFE-61E4-436E-9D49-7F1977904EB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "12DB535B-9C12-4B13-8B6E-AB4EEC1CFF9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6675F9A6-FA20-4AF7-B57F-85595103AA61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3322B7E4-D815-40B6-836A-2D070F9D0528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A67143CC-3137-49B3-955C-43C405DB847B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B1CA956E-51BC-428E-9730-31797A34BE3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3AFC055D-9B64-428C-9D85-CFC2F27EB906",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "00E6E62F-B11F-4060-8AAF-A9FA73749422",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0B05CB56-6994-4F75-8015-03F554CD7D78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B5CF35EC-CCBF-4096-BCAF-98A15DE6D78C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.7:*:*:*:*:*:*:*",
"matchCriteriaId": "42C819CC-48E9-4E85-A564-456A27481852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9D7B2152-3086-4094-8AE2-6E1AF9D35BF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EF5B9CC6-C288-4E8C-AC99-D4717DBE63FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.10:*:*:*:*:*:*:*",
"matchCriteriaId": "65CD971C-EB83-4456-A368-F57B9391599A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.11:*:*:*:*:*:*:*",
"matchCriteriaId": "B8CA877A-533B-4B60-A90B-8A958FCA2DF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B71A62D9-8013-4528-8EB0-75C18435AE24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.15:*:*:*:*:*:*:*",
"matchCriteriaId": "096CA319-CBAA-498E-A559-6B6F8690CEFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D18D2B08-C8DD-475D-8E7D-F39E8C24723B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BA424995-B5E0-4C8A-862B-5290506DF94E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43F974E2-41AF-42B2-8EE7-02724FD37673",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EFD1F763-34E3-4B39-9184-6CCCD75733A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1C8ADF13-CEF9-400B-BACA-F64AFDEEED7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2B2595A0-024B-4C82-8626-9471A3FB96D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E81B04E7-FBA1-45D3-B458-3B57DF331796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.7:*:*:*:*:*:*:*",
"matchCriteriaId": "934A9FC7-1B44-4A70-83B6-21783C5BB9BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A66344A0-A556-4E72-9954-CBC0FF9B900F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.9:*:*:*:*:*:*:*",
"matchCriteriaId": "82E72C4D-373A-4E74-A038-AD79EA0845D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.10:*:*:*:*:*:*:*",
"matchCriteriaId": "13D89B07-FB9C-4D88-91A1-431FB91605DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.11:*:*:*:*:*:*:*",
"matchCriteriaId": "067D13A0-0DBA-4749-9E5C-428338758C49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.12:*:*:*:*:*:*:*",
"matchCriteriaId": "955DA593-FD4C-4BC8-8B64-CA193892C1CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.13:*:*:*:*:*:*:*",
"matchCriteriaId": "6E35346F-2FCD-42D3-ADE2-D25DCBF11D86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.14:*:*:*:*:*:*:*",
"matchCriteriaId": "681BF89B-6501-4992-A953-578908C68ECC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.15:*:*:*:*:*:*:*",
"matchCriteriaId": "3E9DD402-ADC7-4000-A6C8-D62DA2BD8A22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.16:*:*:*:*:*:*:*",
"matchCriteriaId": "E26692A1-6DE7-4295-99BD-EFF9B0C20162",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.17:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B65F0D-1708-4B73-B9C3-033E8150348D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.18:*:*:*:*:*:*:*",
"matchCriteriaId": "A257BEDB-0148-4EE6-B7EA-0DE39752F897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.19:*:*:*:*:*:*:*",
"matchCriteriaId": "1A046309-41A1-420C-ABF3-090AD11C9EBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.20:*:*:*:*:*:*:*",
"matchCriteriaId": "198C70C8-EB31-4E54-A690-727518FBCD6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.21:*:*:*:*:*:*:*",
"matchCriteriaId": "130E8C0F-0649-4F32-921F-A51EEA4981DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.22:*:*:*:*:*:*:*",
"matchCriteriaId": "8FF133CE-B3D1-48C2-8AC1-938E70820CF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.23:*:*:*:*:*:*:*",
"matchCriteriaId": "13C6ED10-12DC-4896-9B8A-E05BAB5B5DEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.24:*:*:*:*:*:*:*",
"matchCriteriaId": "32CCB09B-144F-48E0-BB8C-453C15292F7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.25:*:*:*:*:*:*:*",
"matchCriteriaId": "781C2E3F-A281-499B-A0AA-404117EAA63D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an \"old-style\" Debian binary package, which triggers a stack-based buffer overflow."
},
{
"lang": "es",
"value": "Error por un paso en la funci\u00f3n extracthalf en dpkg-deb/extract.c en el componente dpkg-deb en Debian dpkg 1.16.x en versiones anteriores a 1.16.17 y 1.17.x en versiones anteriores a 1.17.26 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s del n\u00famero m\u00e1gico de versi\u00f3n del archivo en un paquete binario de Debian \u0027old-style\u0027, lo que desencadena un desbordamiento de buffer basado en pila."
}
],
"id": "CVE-2015-0860",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-12-03T20:59:01.847",
"references": [
{
"source": "security@debian.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3407"
},
{
"source": "security@debian.org",
"url": "http://www.ubuntu.com/usn/USN-2820-1"
},
{
"source": "security@debian.org",
"url": "https://anonscm.debian.org/cgit/dpkg/dpkg.git/commit/dpkg-deb/extract.c?id=e65aa3db04eb908c9507d5d356a95cedb890814d"
},
{
"source": "security@debian.org",
"url": "https://blog.fuzzing-project.org/30-Stack-overflows-and-out-of-bounds-read-in-dpkg-Debian.html"
},
{
"source": "security@debian.org",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798324"
},
{
"source": "security@debian.org",
"url": "https://security.gentoo.org/glsa/201612-07"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3407"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2820-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://anonscm.debian.org/cgit/dpkg/dpkg.git/commit/dpkg-deb/extract.c?id=e65aa3db04eb908c9507d5d356a95cedb890814d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://blog.fuzzing-project.org/30-Stack-overflows-and-out-of-bounds-read-in-dpkg-Debian.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798324"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201612-07"
}
],
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-01-11 03:00
Modified
2025-04-11 00:51
Severity ?
Summary
dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via a symlink attack on unspecified files in the .pc directory.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053306.html | ||
| cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053311.html | ||
| cve@mitre.org | http://osvdb.org/70367 | ||
| cve@mitre.org | http://secunia.com/advisories/42826 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/42831 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/43054 | ||
| cve@mitre.org | http://www.debian.org/security/2011/dsa-2142 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/45703 | ||
| cve@mitre.org | http://www.ubuntu.com/usn/USN-1038-1 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2011/0040 | Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2011/0044 | Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2011/0196 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/64614 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053306.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053311.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/70367 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/42826 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/42831 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/43054 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2011/dsa-2142 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/45703 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-1038-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0040 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0044 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0196 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/64614 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| debian | dpkg | * | |
| debian | dpkg | 1.9.19 | |
| debian | dpkg | 1.9.20 | |
| debian | dpkg | 1.9.21 | |
| debian | dpkg | 1.10 | |
| debian | dpkg | 1.10.1 | |
| debian | dpkg | 1.10.2 | |
| debian | dpkg | 1.10.3 | |
| debian | dpkg | 1.10.4 | |
| debian | dpkg | 1.10.5 | |
| debian | dpkg | 1.10.6 | |
| debian | dpkg | 1.10.7 | |
| debian | dpkg | 1.10.8 | |
| debian | dpkg | 1.10.9 | |
| debian | dpkg | 1.10.10 | |
| debian | dpkg | 1.10.11 | |
| debian | dpkg | 1.10.12 | |
| debian | dpkg | 1.10.13 | |
| debian | dpkg | 1.10.14 | |
| debian | dpkg | 1.10.15 | |
| debian | dpkg | 1.10.16 | |
| debian | dpkg | 1.10.17 | |
| debian | dpkg | 1.10.18 | |
| debian | dpkg | 1.10.18.1 | |
| debian | dpkg | 1.10.19 | |
| debian | dpkg | 1.10.20 | |
| debian | dpkg | 1.10.21 | |
| debian | dpkg | 1.10.22 | |
| debian | dpkg | 1.10.23 | |
| debian | dpkg | 1.10.24 | |
| debian | dpkg | 1.10.25 | |
| debian | dpkg | 1.10.26 | |
| debian | dpkg | 1.10.27 | |
| debian | dpkg | 1.10.28 | |
| debian | dpkg | 1.13.0 | |
| debian | dpkg | 1.13.1 | |
| debian | dpkg | 1.13.2 | |
| debian | dpkg | 1.13.3 | |
| debian | dpkg | 1.13.4 | |
| debian | dpkg | 1.13.5 | |
| debian | dpkg | 1.13.6 | |
| debian | dpkg | 1.13.7 | |
| debian | dpkg | 1.13.8 | |
| debian | dpkg | 1.13.9 | |
| debian | dpkg | 1.13.10 | |
| debian | dpkg | 1.13.11 | |
| debian | dpkg | 1.13.11.1 | |
| debian | dpkg | 1.13.12 | |
| debian | dpkg | 1.13.13 | |
| debian | dpkg | 1.13.14 | |
| debian | dpkg | 1.13.15 | |
| debian | dpkg | 1.13.16 | |
| debian | dpkg | 1.13.17 | |
| debian | dpkg | 1.13.18 | |
| debian | dpkg | 1.13.19 | |
| debian | dpkg | 1.13.20 | |
| debian | dpkg | 1.13.21 | |
| debian | dpkg | 1.13.22 | |
| debian | dpkg | 1.13.23 | |
| debian | dpkg | 1.13.24 | |
| debian | dpkg | 1.13.25 | |
| debian | dpkg | 1.14.0 | |
| debian | dpkg | 1.14.1 | |
| debian | dpkg | 1.14.2 | |
| debian | dpkg | 1.14.3 | |
| debian | dpkg | 1.14.4 | |
| debian | dpkg | 1.14.5 | |
| debian | dpkg | 1.14.6 | |
| debian | dpkg | 1.14.7 | |
| debian | dpkg | 1.14.8 | |
| debian | dpkg | 1.14.9 | |
| debian | dpkg | 1.14.10 | |
| debian | dpkg | 1.14.11 | |
| debian | dpkg | 1.14.12 | |
| debian | dpkg | 1.14.13 | |
| debian | dpkg | 1.14.14 | |
| debian | dpkg | 1.14.15 | |
| debian | dpkg | 1.14.16 | |
| debian | dpkg | 1.14.16.1 | |
| debian | dpkg | 1.14.16.2 | |
| debian | dpkg | 1.14.16.3 | |
| debian | dpkg | 1.14.16.4 | |
| debian | dpkg | 1.14.16.5 | |
| debian | dpkg | 1.14.16.6 | |
| debian | dpkg | 1.14.17 | |
| debian | dpkg | 1.14.18 | |
| debian | dpkg | 1.14.19 | |
| debian | dpkg | 1.14.20 | |
| debian | dpkg | 1.14.21 | |
| debian | dpkg | 1.14.22 | |
| debian | dpkg | 1.14.23 | |
| debian | dpkg | 1.14.24 | |
| debian | dpkg | 1.14.25 | |
| debian | dpkg | 1.14.26 | |
| debian | dpkg | 1.14.27 | |
| debian | dpkg | 1.14.28 | |
| debian | dpkg | 1.14.29 | |
| debian | dpkg | 1.15.0 | |
| debian | dpkg | 1.15.1 | |
| debian | dpkg | 1.15.2 | |
| debian | dpkg | 1.15.3 | |
| debian | dpkg | 1.15.3.1 | |
| debian | dpkg | 1.15.4 | |
| debian | dpkg | 1.15.4.1 | |
| debian | dpkg | 1.15.5 | |
| debian | dpkg | 1.15.5.1 | |
| debian | dpkg | 1.15.5.2 | |
| debian | dpkg | 1.15.5.3 | |
| debian | dpkg | 1.15.5.4 | |
| debian | dpkg | 1.15.5.5 | |
| debian | dpkg | 1.15.5.6 | |
| debian | dpkg | 1.15.6 | |
| debian | dpkg | 1.15.6.1 | |
| debian | dpkg | 1.15.7 | |
| debian | dpkg | 1.15.7.1 | |
| debian | dpkg | 1.15.7.2 | |
| debian | dpkg | 1.15.8 | |
| debian | dpkg | 1.15.8.1 | |
| debian | dpkg | 1.15.8.2 | |
| debian | dpkg | 1.15.8.3 | |
| debian | dpkg | 1.15.8.4 | |
| debian | dpkg | 1.15.8.5 | |
| debian | dpkg | 1.15.8.6 | |
| debian | dpkg | 1.15.8.7 | |
| debian | dpkg | 1.15.8.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:debian:dpkg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8532266-01AA-414B-A29B-8219855F1E34",
"versionEndIncluding": "1.14.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.9.19:*:*:*:*:*:*:*",
"matchCriteriaId": "C682EF47-BF0A-4B48-A1D1-A55A9ECA7F33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.9.20:*:*:*:*:*:*:*",
"matchCriteriaId": "717F6453-69FA-426C-9346-CD7BEDE9C60B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.9.21:*:*:*:*:*:*:*",
"matchCriteriaId": "C3122762-BEF0-4988-BED9-4D8592C24CEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6D9E2515-E79D-4237-97E9-D5BA35A5F4F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A9562A87-9464-4203-8360-58E9A7E495FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4989628B-306C-4E03-A64E-718C4FF2778F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5CB0B1D3-632D-442B-8B83-92591CD80A33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3DFADCC1-6162-482F-971A-04041715E562",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "52270405-2AC2-41B7-B07A-42763993D587",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5C4C5026-D1BD-490A-9C3B-526BDBD9F2BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F63A530D-1DB8-4AB4-A62D-BB73BDA6A96B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.8:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE83D2A-D1F7-460F-AFFA-45D635D23B78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA52B75-0BE4-4647-A02E-6C01FF15DD0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7306A247-0AAE-43E7-A9E0-CE224A1B239B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8347AB5F-5194-4B96-A8E7-9EE51B82C8E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A48A99CC-0F6E-49F4-99C5-8647A66A5B41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.13:*:*:*:*:*:*:*",
"matchCriteriaId": "C844AC14-2ECA-45AB-B9A1-44CF626143BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.14:*:*:*:*:*:*:*",
"matchCriteriaId": "466B21B4-DF59-4B55-8778-BD674A137F9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.15:*:*:*:*:*:*:*",
"matchCriteriaId": "6C69AA54-AC53-4A10-8ED4-C426F4C37305",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.16:*:*:*:*:*:*:*",
"matchCriteriaId": "DC00A088-B0AC-4CCD-8EAE-31D4DB6372B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.17:*:*:*:*:*:*:*",
"matchCriteriaId": "D4C34F7E-91AD-4009-A86B-E3C42533C67D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.18:*:*:*:*:*:*:*",
"matchCriteriaId": "840FA75D-5AFC-4011-AA2C-A851763A8E86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4DDF073B-7437-4700-A5BD-B47CF1163302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.19:*:*:*:*:*:*:*",
"matchCriteriaId": "03D44007-FEEB-4A1E-BBEA-A8F9337ABE6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.20:*:*:*:*:*:*:*",
"matchCriteriaId": "756ED650-7FBF-47D5-800D-B7CDCE98DB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.21:*:*:*:*:*:*:*",
"matchCriteriaId": "F4047BBD-BC04-4CB1-A499-D2B8D3FE6B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.22:*:*:*:*:*:*:*",
"matchCriteriaId": "72E88290-55F4-4177-85F1-7ACBADEB6D6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.23:*:*:*:*:*:*:*",
"matchCriteriaId": "17561362-F579-4C4A-B706-E7BFD4B4D005",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.24:*:*:*:*:*:*:*",
"matchCriteriaId": "C2C3A554-49D3-4AA0-AF85-A503288EDA7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.25:*:*:*:*:*:*:*",
"matchCriteriaId": "DABD98F8-3512-4F83-BEA8-29787378990B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.26:*:*:*:*:*:*:*",
"matchCriteriaId": "33AE89EC-30B6-4B2C-BB7D-105C7BA31673",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.27:*:*:*:*:*:*:*",
"matchCriteriaId": "675635B9-B25D-4A6A-B990-F3347D76AF56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.28:*:*:*:*:*:*:*",
"matchCriteriaId": "D5591746-1BF7-41C2-8078-0CA13BA4FDE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9EDAF7A-A7EF-4FA2-AB0F-1B617311F6CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F6B0569-44FC-420E-BAF5-08149463D994",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ECE641CD-FD8B-4B09-A738-46795F9CB9AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FAE98EF7-E1D0-460D-971D-F460494BB271",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4B55AEF9-3375-4E2D-9A5C-BC88626A4977",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C9734B69-76A9-43A9-96F5-7551DFE691E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "38087DB8-ABB3-49F8-98B8-1C36BC588D59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.7:*:*:*:*:*:*:*",
"matchCriteriaId": "48585882-3F63-4CBE-9C82-8E33F52F86C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.8:*:*:*:*:*:*:*",
"matchCriteriaId": "EA224D00-B0BE-4CCC-A221-9BE93AE5F453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.9:*:*:*:*:*:*:*",
"matchCriteriaId": "87362BEE-E7B5-4390-9226-6C97F4C82E5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.10:*:*:*:*:*:*:*",
"matchCriteriaId": "588BCD31-3824-40F9-8BE2-C63F6A40E970",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.11:*:*:*:*:*:*:*",
"matchCriteriaId": "583BE1D2-6A50-4477-AD01-EA471B339F7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0D64BC1C-4281-46E8-B6DD-20D09EB5DC59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E8252FED-9D03-4224-ABB2-6E86E1278ECA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.13:*:*:*:*:*:*:*",
"matchCriteriaId": "7D013303-0BEA-44AE-A395-343EF27D207E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.14:*:*:*:*:*:*:*",
"matchCriteriaId": "45FF0360-F1FE-4C59-829E-544D9CCE6673",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.15:*:*:*:*:*:*:*",
"matchCriteriaId": "18BE27E1-F670-41B8-A5C5-4C28C94D3826",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.16:*:*:*:*:*:*:*",
"matchCriteriaId": "3BAEB637-6349-4452-B619-7080843E1A39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.17:*:*:*:*:*:*:*",
"matchCriteriaId": "698F4BA9-A8AD-4487-8989-5E41D80A162B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.18:*:*:*:*:*:*:*",
"matchCriteriaId": "1B458153-71BE-4EDF-950D-055D9A3D1E10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.19:*:*:*:*:*:*:*",
"matchCriteriaId": "9A4DC29D-F36D-4B02-BDA8-F0316948BBD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.20:*:*:*:*:*:*:*",
"matchCriteriaId": "4D46650E-EDE7-48B0-841D-CC0D45B92FD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.21:*:*:*:*:*:*:*",
"matchCriteriaId": "3D9D843A-4EA7-4B6D-BA62-A8C1C300F47A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.22:*:*:*:*:*:*:*",
"matchCriteriaId": "5635A041-FBFB-411B-95F4-1A11248D4FE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.23:*:*:*:*:*:*:*",
"matchCriteriaId": "090CD311-7B97-4E69-B2CA-6ED9FCBEDFDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.24:*:*:*:*:*:*:*",
"matchCriteriaId": "C9C17AEE-408E-4D57-B5A8-027FEC9AD144",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.25:*:*:*:*:*:*:*",
"matchCriteriaId": "0431871F-39C5-4707-BE53-FAC9E9882170",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "838E9A96-BA10-4A4A-AA41-EC025CCD07E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "94EAFE0A-0A9D-4F9D-BB7F-F4C10797F463",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4AB4FDA2-5729-4964-B48F-01DBC26DAEA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1D08D336-460B-4153-B747-B1F116065DE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D68401F3-1AF2-4FB5-916E-F40FB6E0DD1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.5:*:*:*:*:*:*:*",
"matchCriteriaId": "56DC7349-C57C-47EB-BE92-3BE4719A32F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.6:*:*:*:*:*:*:*",
"matchCriteriaId": "ED090E5E-772F-44B5-86F6-D2388D431055",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.7:*:*:*:*:*:*:*",
"matchCriteriaId": "526B3511-D083-4153-9DB8-6B8C62426876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.8:*:*:*:*:*:*:*",
"matchCriteriaId": "BB46B910-10AC-4B06-AC90-5E281AFF445E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FC3A73DC-EE37-41DF-A939-4631A3D1F401",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.10:*:*:*:*:*:*:*",
"matchCriteriaId": "95E37212-1BC4-44F5-AFEE-BF706FF9F771",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.11:*:*:*:*:*:*:*",
"matchCriteriaId": "467A1EF6-2E3C-4786-82BD-687EB44B5541",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A8096535-AF94-44E3-8266-006FDB84092B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.13:*:*:*:*:*:*:*",
"matchCriteriaId": "C0F65E09-7A40-45E2-BEB1-E11B694E7957",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.14:*:*:*:*:*:*:*",
"matchCriteriaId": "50FFCFA9-67A9-4502-AD48-2A1CFB6D12D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.15:*:*:*:*:*:*:*",
"matchCriteriaId": "C610809C-7C63-427B-9910-F6F0090B34A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.16:*:*:*:*:*:*:*",
"matchCriteriaId": "FA5A449F-B9B6-41DB-91B6-E75ABADFB835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D6848180-B565-4DC0-87AB-84DF4BF51F93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3070BF5-18C4-4ECD-8795-C569254F4E79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.16.3:*:*:*:*:*:*:*",
"matchCriteriaId": "355873B5-FEB9-4FAB-BE8B-8D56C9990F0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.16.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D0355952-8254-477D-BE82-37ED064F5A4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.16.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C0AA3EC2-4936-4F29-8885-377906DA346C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.16.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FB4503AF-3941-4318-AAE9-38EF578361EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.17:*:*:*:*:*:*:*",
"matchCriteriaId": "958C20C5-3502-417B-8AF4-3E7E43919672",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.18:*:*:*:*:*:*:*",
"matchCriteriaId": "0F9F52F6-DCF1-466E-8F28-77061513DEDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.19:*:*:*:*:*:*:*",
"matchCriteriaId": "126BF92A-9767-4A6C-985B-DB6C99E090B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.20:*:*:*:*:*:*:*",
"matchCriteriaId": "69991FEF-82C9-4760-8623-B1A47348DD75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.21:*:*:*:*:*:*:*",
"matchCriteriaId": "DF95E1AA-1A05-4F97-8AAA-C815EE3994BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.22:*:*:*:*:*:*:*",
"matchCriteriaId": "6D6200AF-7734-422C-9059-652A4530EFE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.23:*:*:*:*:*:*:*",
"matchCriteriaId": "F5073553-FB4D-4BF1-B3BA-B5CC2B3F45E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.24:*:*:*:*:*:*:*",
"matchCriteriaId": "D26FA5D0-F06B-414F-9F65-D5821365DA18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.25:*:*:*:*:*:*:*",
"matchCriteriaId": "A61614F0-B814-4367-A12B-22806A65E8A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.26:*:*:*:*:*:*:*",
"matchCriteriaId": "0970B646-A060-452C-9473-28A87603DA9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.27:*:*:*:*:*:*:*",
"matchCriteriaId": "093DF5AF-8AEA-48DF-B8AF-2357B7C5C4DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.28:*:*:*:*:*:*:*",
"matchCriteriaId": "C3AF0ABA-6A1A-474F-95FB-E155209EDB00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.29:*:*:*:*:*:*:*",
"matchCriteriaId": "2BEB1D72-CC33-4C68-810E-C10DFF83504B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D266110F-6EDD-4570-8B5C-BB6A620D7510",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5489857D-D325-41D1-991C-1664EB63CF2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EF34E4C1-9160-4052-951A-D08835024AC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "30E46BF1-5BC3-429B-9A16-2F95620A8FE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B7B3327F-8A47-4D13-A48A-3157B6318F9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "90246AB1-F0C4-432B-AA2D-A644084C0C74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "44EAC604-FF3B-470A-9413-EBAC32DC1322",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.5:*:*:*:*:*:*:*",
"matchCriteriaId": "84E9FBA6-6418-448F-800E-970C9D08877F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "98521A64-4E54-472F-AC7C-73005551CEA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "421D9F1E-EF92-47E3-98D6-8C824862F7A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D85C04B-FC70-41BD-8994-B7C1AF6048BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CAFD7DD4-555B-4757-B459-01B9D915A9B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F2C7B906-87E1-44F3-AF35-5BFEF574F180",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0984921F-8EAB-4740-B2CC-4269C4CF6C93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F48CB557-229E-4BA5-84C6-DBEA06552D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5F27F9EA-226F-450F-A181-F100E49A90B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.7:*:*:*:*:*:*:*",
"matchCriteriaId": "ED9E199F-1994-4C5C-B8DB-D6002FD95AE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "419D7AA6-745E-4254-9743-6AC136DB1893",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1F3BE1-30BA-4780-9924-D5B0E4F50EAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8:*:*:*:*:*:*:*",
"matchCriteriaId": "3BFBE00A-3FB7-4D10-807C-67CA59B91044",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2E486ABD-DD1D-43A9-9783-894694E0F14C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "87DEA4E0-8BF1-4558-88F3-D3F3D8161287",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1405C137-D923-436C-A006-F232961BAB24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CD929336-FAFB-480C-8CD1-3264C3BE529B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9F2B117A-2746-458B-AB77-37EB40646482",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DD8A1B4A-59D3-4D0F-80CC-7D8F94B5699E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A12559EE-7FAC-4C21-99CC-D076E98CA137",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "07B7B48B-B915-43D7-9AE4-EA1322925EDE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via a symlink attack on unspecified files in the .pc directory."
},
{
"lang": "es",
"value": "dpkg-source de dpkg en versiones anteriores a la 1.14.31 y 1.15.x permite a atacantes remotos asistidos por el usuario modificar archivos de su elecci\u00f3n a trav\u00e9s de un ataque symlink en ficheros espec\u00edficos del directorio .pc."
}
],
"id": "CVE-2011-0402",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-01-11T03:00:05.423",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053306.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053311.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/70367"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42826"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42831"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/43054"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2011/dsa-2142"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/45703"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-1038-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0040"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0044"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2011/0196"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64614"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053306.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053311.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/70367"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42826"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42831"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/43054"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2011/dsa-2142"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/45703"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1038-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0044"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0196"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64614"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-05-14 00:55
Modified
2025-04-12 10:46
Severity ?
Summary
dpkg 1.15.9 on Debian squeeze introduces support for the "C-style encoded filenames" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this can be considered a release engineering problem in the effort to fix CVE-2014-0471.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://metadata.ftp-master.debian.org/changelogs//main/d/dpkg/dpkg_1.15.10_changelog | ||
| cve@mitre.org | http://seclists.org/oss-sec/2014/q2/191 | ||
| cve@mitre.org | http://seclists.org/oss-sec/2014/q2/227 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/67181 | ||
| cve@mitre.org | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://metadata.ftp-master.debian.org/changelogs//main/d/dpkg/dpkg_1.15.10_changelog | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/oss-sec/2014/q2/191 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/oss-sec/2014/q2/227 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/67181 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| debian | dpkg | 1.16.0 | |
| debian | dpkg | 1.16.0.1 | |
| debian | dpkg | 1.16.0.2 | |
| debian | dpkg | 1.16.0.3 | |
| debian | dpkg | 1.16.1 | |
| debian | dpkg | 1.16.1.1 | |
| debian | dpkg | 1.16.1.2 | |
| debian | dpkg | 1.16.2 | |
| debian | dpkg | 1.16.3 | |
| debian | dpkg | 1.16.4 | |
| debian | dpkg | 1.16.4.1 | |
| debian | dpkg | 1.16.4.2 | |
| debian | dpkg | 1.16.4.3 | |
| debian | dpkg | 1.16.5 | |
| debian | dpkg | 1.16.6 | |
| debian | dpkg | 1.16.7 | |
| debian | dpkg | 1.16.8 | |
| debian | dpkg | 1.16.9 | |
| debian | dpkg | 1.16.10 | |
| debian | dpkg | 1.16.11 | |
| debian | dpkg | 1.16.12 | |
| debian | dpkg | 1.17.0 | |
| debian | dpkg | 1.17.1 | |
| debian | dpkg | 1.17.2 | |
| debian | dpkg | 1.17.3 | |
| debian | dpkg | 1.17.4 | |
| debian | dpkg | 1.17.5 | |
| debian | dpkg | 1.17.6 | |
| debian | dpkg | 1.17.7 | |
| debian | dpkg | 1.17.8 | |
| debian | dpkg | 1.15.0 | |
| debian | dpkg | 1.15.1 | |
| debian | dpkg | 1.15.2 | |
| debian | dpkg | 1.15.3 | |
| debian | dpkg | 1.15.3.1 | |
| debian | dpkg | 1.15.4 | |
| debian | dpkg | 1.15.4.1 | |
| debian | dpkg | 1.15.5 | |
| debian | dpkg | 1.15.5.1 | |
| debian | dpkg | 1.15.5.2 | |
| debian | dpkg | 1.15.5.3 | |
| debian | dpkg | 1.15.5.4 | |
| debian | dpkg | 1.15.5.5 | |
| debian | dpkg | 1.15.5.6 | |
| debian | dpkg | 1.15.6 | |
| debian | dpkg | 1.15.6.1 | |
| debian | dpkg | 1.15.7 | |
| debian | dpkg | 1.15.7.1 | |
| debian | dpkg | 1.15.7.2 | |
| debian | dpkg | 1.15.8 | |
| debian | dpkg | 1.15.8.1 | |
| debian | dpkg | 1.15.8.2 | |
| debian | dpkg | 1.15.8.3 | |
| debian | dpkg | 1.15.8.4 | |
| debian | dpkg | 1.15.8.5 | |
| debian | dpkg | 1.15.8.6 | |
| debian | dpkg | 1.15.8.7 | |
| debian | dpkg | 1.15.8.8 | |
| debian | dpkg | 1.15.8.9 | |
| debian | dpkg | 1.15.8.10 | |
| debian | dpkg | 1.15.8.11 | |
| debian | dpkg | 1.15.8.12 | |
| debian | dpkg | 1.15.8.13 | |
| debian | dpkg | 1.15.9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "60B76474-A71E-4BEA-880B-88A8F0E9E79D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5918D066-8950-44D5-9F14-72C499F9F40A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "623BF341-D9EC-43DF-BA62-D45FDC1FE4E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D6692AB-7927-4D4B-8E11-EA9B7B93836C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B6EE875E-DEC4-443C-8921-B4658CA2B2C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4BDD2CFE-61E4-436E-9D49-7F1977904EB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "12DB535B-9C12-4B13-8B6E-AB4EEC1CFF9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6675F9A6-FA20-4AF7-B57F-85595103AA61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3322B7E4-D815-40B6-836A-2D070F9D0528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A67143CC-3137-49B3-955C-43C405DB847B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B1CA956E-51BC-428E-9730-31797A34BE3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3AFC055D-9B64-428C-9D85-CFC2F27EB906",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "00E6E62F-B11F-4060-8AAF-A9FA73749422",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0B05CB56-6994-4F75-8015-03F554CD7D78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B5CF35EC-CCBF-4096-BCAF-98A15DE6D78C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.7:*:*:*:*:*:*:*",
"matchCriteriaId": "42C819CC-48E9-4E85-A564-456A27481852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9D7B2152-3086-4094-8AE2-6E1AF9D35BF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EF5B9CC6-C288-4E8C-AC99-D4717DBE63FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.10:*:*:*:*:*:*:*",
"matchCriteriaId": "65CD971C-EB83-4456-A368-F57B9391599A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.11:*:*:*:*:*:*:*",
"matchCriteriaId": "B8CA877A-533B-4B60-A90B-8A958FCA2DF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B71A62D9-8013-4528-8EB0-75C18435AE24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D18D2B08-C8DD-475D-8E7D-F39E8C24723B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BA424995-B5E0-4C8A-862B-5290506DF94E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43F974E2-41AF-42B2-8EE7-02724FD37673",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EFD1F763-34E3-4B39-9184-6CCCD75733A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1C8ADF13-CEF9-400B-BACA-F64AFDEEED7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2B2595A0-024B-4C82-8626-9471A3FB96D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E81B04E7-FBA1-45D3-B458-3B57DF331796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.7:*:*:*:*:*:*:*",
"matchCriteriaId": "934A9FC7-1B44-4A70-83B6-21783C5BB9BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A66344A0-A556-4E72-9954-CBC0FF9B900F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D266110F-6EDD-4570-8B5C-BB6A620D7510",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5489857D-D325-41D1-991C-1664EB63CF2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EF34E4C1-9160-4052-951A-D08835024AC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "30E46BF1-5BC3-429B-9A16-2F95620A8FE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B7B3327F-8A47-4D13-A48A-3157B6318F9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "90246AB1-F0C4-432B-AA2D-A644084C0C74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "44EAC604-FF3B-470A-9413-EBAC32DC1322",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.5:*:*:*:*:*:*:*",
"matchCriteriaId": "84E9FBA6-6418-448F-800E-970C9D08877F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "98521A64-4E54-472F-AC7C-73005551CEA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "421D9F1E-EF92-47E3-98D6-8C824862F7A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D85C04B-FC70-41BD-8994-B7C1AF6048BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CAFD7DD4-555B-4757-B459-01B9D915A9B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F2C7B906-87E1-44F3-AF35-5BFEF574F180",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0984921F-8EAB-4740-B2CC-4269C4CF6C93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F48CB557-229E-4BA5-84C6-DBEA06552D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5F27F9EA-226F-450F-A181-F100E49A90B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.7:*:*:*:*:*:*:*",
"matchCriteriaId": "ED9E199F-1994-4C5C-B8DB-D6002FD95AE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "419D7AA6-745E-4254-9743-6AC136DB1893",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1F3BE1-30BA-4780-9924-D5B0E4F50EAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8:*:*:*:*:*:*:*",
"matchCriteriaId": "3BFBE00A-3FB7-4D10-807C-67CA59B91044",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2E486ABD-DD1D-43A9-9783-894694E0F14C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "87DEA4E0-8BF1-4558-88F3-D3F3D8161287",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1405C137-D923-436C-A006-F232961BAB24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CD929336-FAFB-480C-8CD1-3264C3BE529B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9F2B117A-2746-458B-AB77-37EB40646482",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DD8A1B4A-59D3-4D0F-80CC-7D8F94B5699E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A12559EE-7FAC-4C21-99CC-D076E98CA137",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "07B7B48B-B915-43D7-9AE4-EA1322925EDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B7AE1019-67C2-4334-83DC-75754C997079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "B4AC0E03-C115-4B5C-9D1B-CD86B749B8C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.11:*:*:*:*:*:*:*",
"matchCriteriaId": "C0C7B663-4ADD-42A7-B302-975C05288BDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B9EE9B3E-C62B-4C97-A8A5-16CCAA392FD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.13:*:*:*:*:*:*:*",
"matchCriteriaId": "248E90A5-6A3C-4647-891E-005DA3A46C6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.9:*:*:*:*:*:*:*",
"matchCriteriaId": "35ECCA17-BB6A-4DDA-8F26-C84628B95A3A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "dpkg 1.15.9 on Debian squeeze introduces support for the \"C-style encoded filenames\" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this can be considered a release engineering problem in the effort to fix CVE-2014-0471."
},
{
"lang": "es",
"value": "dpkg versi\u00f3n 1.15.9 en squeeze de Debian, introduce soporte para la funcionalidad \"C-style encoded filenames\" sin reconocer que el programa parche de squeeze carece de esta caracter\u00edstica, lo que desencadena un error de interacci\u00f3n que permite a los atacantes remotos conducir ataques de salto de directorio y modificar archivos fuera de los directorios previstos por medio de un paquete fuente dise\u00f1ado. NOTA: esto se puede considerar un problema de ingenier\u00eda de versiones en el intento por corregir el CVE-2014-0471."
}
],
"id": "CVE-2014-3127",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 9.2,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-05-14T00:55:10.400",
"references": [
{
"source": "cve@mitre.org",
"url": "http://metadata.ftp-master.debian.org/changelogs//main/d/dpkg/dpkg_1.15.10_changelog"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/oss-sec/2014/q2/191"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/oss-sec/2014/q2/227"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/67181"
},
{
"source": "cve@mitre.org",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://metadata.ftp-master.debian.org/changelogs//main/d/dpkg/dpkg_1.15.10_changelog"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/oss-sec/2014/q2/191"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/oss-sec/2014/q2/227"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/67181"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-04-13 14:59
Modified
2025-04-12 10:46
Severity ?
Summary
The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc).
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@debian.org | http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157387.html | ||
| security@debian.org | http://lists.opensuse.org/opensuse-updates/2015-06/msg00029.html | ||
| security@debian.org | http://www.debian.org/security/2015/dsa-3217 | Vendor Advisory | |
| security@debian.org | http://www.ubuntu.com/usn/USN-2566-1 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157387.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2015-06/msg00029.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2015/dsa-3217 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-2566-1 | Patch |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| debian | dpkg | * | |
| debian | dpkg | 1.17.0 | |
| debian | dpkg | 1.17.1 | |
| debian | dpkg | 1.17.2 | |
| debian | dpkg | 1.17.3 | |
| debian | dpkg | 1.17.4 | |
| debian | dpkg | 1.17.5 | |
| debian | dpkg | 1.17.6 | |
| debian | dpkg | 1.17.7 | |
| debian | dpkg | 1.17.8 | |
| debian | dpkg | 1.17.9 | |
| debian | dpkg | 1.17.10 | |
| debian | dpkg | 1.17.11 | |
| debian | dpkg | 1.17.12 | |
| debian | dpkg | 1.17.13 | |
| debian | dpkg | 1.17.14 | |
| debian | dpkg | 1.17.15 | |
| debian | dpkg | 1.17.16 | |
| debian | dpkg | 1.17.17 | |
| debian | dpkg | 1.17.18 | |
| debian | dpkg | 1.17.19 | |
| debian | dpkg | 1.17.20 | |
| debian | dpkg | 1.17.21 | |
| debian | dpkg | 1.17.22 | |
| debian | dpkg | 1.17.23 | |
| debian | dpkg | 1.17.24 | |
| canonical | ubuntu_linux | 10.04 | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 14.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:debian:dpkg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BC2DC5F-3635-4847-8111-4C0FDC52FD42",
"versionEndIncluding": "1.16.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D18D2B08-C8DD-475D-8E7D-F39E8C24723B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BA424995-B5E0-4C8A-862B-5290506DF94E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43F974E2-41AF-42B2-8EE7-02724FD37673",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EFD1F763-34E3-4B39-9184-6CCCD75733A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1C8ADF13-CEF9-400B-BACA-F64AFDEEED7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2B2595A0-024B-4C82-8626-9471A3FB96D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E81B04E7-FBA1-45D3-B458-3B57DF331796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.7:*:*:*:*:*:*:*",
"matchCriteriaId": "934A9FC7-1B44-4A70-83B6-21783C5BB9BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A66344A0-A556-4E72-9954-CBC0FF9B900F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.9:*:*:*:*:*:*:*",
"matchCriteriaId": "82E72C4D-373A-4E74-A038-AD79EA0845D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.10:*:*:*:*:*:*:*",
"matchCriteriaId": "13D89B07-FB9C-4D88-91A1-431FB91605DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.11:*:*:*:*:*:*:*",
"matchCriteriaId": "067D13A0-0DBA-4749-9E5C-428338758C49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.12:*:*:*:*:*:*:*",
"matchCriteriaId": "955DA593-FD4C-4BC8-8B64-CA193892C1CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.13:*:*:*:*:*:*:*",
"matchCriteriaId": "6E35346F-2FCD-42D3-ADE2-D25DCBF11D86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.14:*:*:*:*:*:*:*",
"matchCriteriaId": "681BF89B-6501-4992-A953-578908C68ECC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.15:*:*:*:*:*:*:*",
"matchCriteriaId": "3E9DD402-ADC7-4000-A6C8-D62DA2BD8A22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.16:*:*:*:*:*:*:*",
"matchCriteriaId": "E26692A1-6DE7-4295-99BD-EFF9B0C20162",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.17:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B65F0D-1708-4B73-B9C3-033E8150348D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.18:*:*:*:*:*:*:*",
"matchCriteriaId": "A257BEDB-0148-4EE6-B7EA-0DE39752F897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.19:*:*:*:*:*:*:*",
"matchCriteriaId": "1A046309-41A1-420C-ABF3-090AD11C9EBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.20:*:*:*:*:*:*:*",
"matchCriteriaId": "198C70C8-EB31-4E54-A690-727518FBCD6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.21:*:*:*:*:*:*:*",
"matchCriteriaId": "130E8C0F-0649-4F32-921F-A51EEA4981DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.22:*:*:*:*:*:*:*",
"matchCriteriaId": "8FF133CE-B3D1-48C2-8AC1-938E70820CF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.23:*:*:*:*:*:*:*",
"matchCriteriaId": "13C6ED10-12DC-4896-9B8A-E05BAB5B5DEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.24:*:*:*:*:*:*:*",
"matchCriteriaId": "32CCB09B-144F-48E0-BB8C-453C15292F7F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "5D37DF0F-F863-45AC-853A-3E04F9FEC7CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*",
"matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc)."
},
{
"lang": "es",
"value": "El comando dpkg-source en Debian dpkg anterior a 1.16.16 y 1.17.x anterior a 1.17.25 permite a atacantes remotos evadir verificaci\u00f3n de firmas a trav\u00e9s de un fichero de control de fuentes de Debian (.dsc) manipulado."
}
],
"id": "CVE-2015-0840",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-04-13T14:59:01.367",
"references": [
{
"source": "security@debian.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157387.html"
},
{
"source": "security@debian.org",
"url": "http://lists.opensuse.org/opensuse-updates/2015-06/msg00029.html"
},
{
"source": "security@debian.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3217"
},
{
"source": "security@debian.org",
"tags": [
"Patch"
],
"url": "http://www.ubuntu.com/usn/USN-2566-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157387.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2015-06/msg00029.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3217"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.ubuntu.com/usn/USN-2566-1"
}
],
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-04-30 14:22
Modified
2025-04-12 10:46
Severity ?
Summary
Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to "C-style filename quoting."
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@debian.org | http://www.debian.org/security/2014/dsa-2915 | Vendor Advisory | |
| security@debian.org | http://www.securityfocus.com/bid/67106 | ||
| security@debian.org | http://www.ubuntu.com/usn/USN-2183-1 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2014/dsa-2915 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/67106 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-2183-1 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| debian | dpkg | * | |
| debian | dpkg | 1.9.1 | |
| debian | dpkg | 1.9.2 | |
| debian | dpkg | 1.9.3 | |
| debian | dpkg | 1.9.7 | |
| debian | dpkg | 1.9.8 | |
| debian | dpkg | 1.9.9 | |
| debian | dpkg | 1.9.10 | |
| debian | dpkg | 1.9.11 | |
| debian | dpkg | 1.9.12 | |
| debian | dpkg | 1.9.13 | |
| debian | dpkg | 1.9.14 | |
| debian | dpkg | 1.9.15 | |
| debian | dpkg | 1.9.16 | |
| debian | dpkg | 1.9.17 | |
| debian | dpkg | 1.9.18 | |
| debian | dpkg | 1.9.19 | |
| debian | dpkg | 1.9.20 | |
| debian | dpkg | 1.9.21 | |
| debian | dpkg | 1.10 | |
| debian | dpkg | 1.10.1 | |
| debian | dpkg | 1.10.2 | |
| debian | dpkg | 1.10.3 | |
| debian | dpkg | 1.10.4 | |
| debian | dpkg | 1.10.5 | |
| debian | dpkg | 1.10.6 | |
| debian | dpkg | 1.10.7 | |
| debian | dpkg | 1.10.8 | |
| debian | dpkg | 1.10.9 | |
| debian | dpkg | 1.10.11 | |
| debian | dpkg | 1.10.12 | |
| debian | dpkg | 1.10.13 | |
| debian | dpkg | 1.10.14 | |
| debian | dpkg | 1.10.15 | |
| debian | dpkg | 1.10.16 | |
| debian | dpkg | 1.10.17 | |
| debian | dpkg | 1.10.18 | |
| debian | dpkg | 1.10.18.1 | |
| debian | dpkg | 1.10.19 | |
| debian | dpkg | 1.10.20 | |
| debian | dpkg | 1.10.21 | |
| debian | dpkg | 1.10.22 | |
| debian | dpkg | 1.10.23 | |
| debian | dpkg | 1.10.24 | |
| debian | dpkg | 1.10.25 | |
| debian | dpkg | 1.10.26 | |
| debian | dpkg | 1.10.27 | |
| debian | dpkg | 1.10.28 | |
| debian | dpkg | 1.13.0 | |
| debian | dpkg | 1.13.1 | |
| debian | dpkg | 1.13.2 | |
| debian | dpkg | 1.13.3 | |
| debian | dpkg | 1.13.4 | |
| debian | dpkg | 1.13.5 | |
| debian | dpkg | 1.13.6 | |
| debian | dpkg | 1.13.7 | |
| debian | dpkg | 1.13.8 | |
| debian | dpkg | 1.13.9 | |
| debian | dpkg | 1.13.10 | |
| debian | dpkg | 1.13.11 | |
| debian | dpkg | 1.13.11.1 | |
| debian | dpkg | 1.13.12 | |
| debian | dpkg | 1.13.13 | |
| debian | dpkg | 1.13.14 | |
| debian | dpkg | 1.13.15 | |
| debian | dpkg | 1.13.16 | |
| debian | dpkg | 1.13.17 | |
| debian | dpkg | 1.13.18 | |
| debian | dpkg | 1.13.19 | |
| debian | dpkg | 1.13.20 | |
| debian | dpkg | 1.13.21 | |
| debian | dpkg | 1.13.22 | |
| debian | dpkg | 1.13.23 | |
| debian | dpkg | 1.13.24 | |
| debian | dpkg | 1.13.25 | |
| debian | dpkg | 1.14.0 | |
| debian | dpkg | 1.14.1 | |
| debian | dpkg | 1.14.2 | |
| debian | dpkg | 1.14.3 | |
| debian | dpkg | 1.14.4 | |
| debian | dpkg | 1.14.5 | |
| debian | dpkg | 1.14.6 | |
| debian | dpkg | 1.14.7 | |
| debian | dpkg | 1.14.8 | |
| debian | dpkg | 1.14.9 | |
| debian | dpkg | 1.14.10 | |
| debian | dpkg | 1.14.11 | |
| debian | dpkg | 1.14.12 | |
| debian | dpkg | 1.14.13 | |
| debian | dpkg | 1.14.14 | |
| debian | dpkg | 1.14.15 | |
| debian | dpkg | 1.14.16 | |
| debian | dpkg | 1.14.16.1 | |
| debian | dpkg | 1.14.16.2 | |
| debian | dpkg | 1.14.16.3 | |
| debian | dpkg | 1.14.16.4 | |
| debian | dpkg | 1.14.16.5 | |
| debian | dpkg | 1.14.16.6 | |
| debian | dpkg | 1.14.17 | |
| debian | dpkg | 1.14.18 | |
| debian | dpkg | 1.14.19 | |
| debian | dpkg | 1.14.20 | |
| debian | dpkg | 1.14.21 | |
| debian | dpkg | 1.14.22 | |
| debian | dpkg | 1.14.23 | |
| debian | dpkg | 1.14.24 | |
| debian | dpkg | 1.14.25 | |
| debian | dpkg | 1.14.26 | |
| debian | dpkg | 1.14.27 | |
| debian | dpkg | 1.14.28 | |
| debian | dpkg | 1.14.29 | |
| debian | dpkg | 1.14.30 | |
| debian | dpkg | 1.15.0 | |
| debian | dpkg | 1.15.1 | |
| debian | dpkg | 1.15.2 | |
| debian | dpkg | 1.15.3 | |
| debian | dpkg | 1.15.3.1 | |
| debian | dpkg | 1.15.4 | |
| debian | dpkg | 1.15.4.1 | |
| debian | dpkg | 1.15.5 | |
| debian | dpkg | 1.15.5.1 | |
| debian | dpkg | 1.15.5.2 | |
| debian | dpkg | 1.15.5.3 | |
| debian | dpkg | 1.15.5.4 | |
| debian | dpkg | 1.15.5.5 | |
| debian | dpkg | 1.15.5.6 | |
| debian | dpkg | 1.15.6 | |
| debian | dpkg | 1.15.6.1 | |
| debian | dpkg | 1.15.7 | |
| debian | dpkg | 1.15.7.1 | |
| debian | dpkg | 1.15.7.2 | |
| debian | dpkg | 1.15.8 | |
| debian | dpkg | 1.15.8.1 | |
| debian | dpkg | 1.15.8.2 | |
| debian | dpkg | 1.15.8.3 | |
| debian | dpkg | 1.15.8.4 | |
| debian | dpkg | 1.15.8.5 | |
| debian | dpkg | 1.15.8.6 | |
| debian | dpkg | 1.15.8.7 | |
| debian | dpkg | 1.15.8.9 | |
| debian | dpkg | 1.16.0 | |
| debian | dpkg | 1.16.0.1 | |
| debian | dpkg | 1.16.0.2 | |
| debian | dpkg | 1.16.0.3 | |
| debian | dpkg | 1.16.1 | |
| debian | dpkg | 1.16.1.1 | |
| debian | dpkg | 1.16.1.2 | |
| debian | dpkg | 1.16.2 | |
| debian | dpkg | 1.16.3 | |
| debian | dpkg | 1.16.4 | |
| debian | dpkg | 1.16.4.1 | |
| debian | dpkg | 1.16.4.2 | |
| debian | dpkg | 1.16.4.3 | |
| debian | dpkg | 1.16.5 | |
| debian | dpkg | 1.16.6 | |
| debian | dpkg | 1.16.7 | |
| debian | dpkg | 1.16.8 | |
| debian | dpkg | 1.16.9 | |
| debian | dpkg | 1.16.10 | |
| debian | dpkg | 1.16.11 | |
| debian | dpkg | 1.16.12 | |
| debian | dpkg | 1.17.0 | |
| debian | dpkg | 1.17.1 | |
| debian | dpkg | 1.17.2 | |
| debian | dpkg | 1.17.3 | |
| debian | dpkg | 1.17.4 | |
| debian | dpkg | 1.17.5 | |
| debian | dpkg | 1.17.6 | |
| debian | dpkg | 1.17.7 | |
| canonical | ubuntu_linux | 10.04 | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 12.10 | |
| canonical | ubuntu_linux | 13.10 | |
| canonical | ubuntu_linux | 14.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:debian:dpkg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F9165C86-3608-40E6-BDC6-5731D55D377A",
"versionEndIncluding": "1.15.8.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3BE886D-9100-4CE0-AA31-68D3203740C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0490C3F9-1DF6-423E-93A8-5F51E2639637",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D016FED-8F0B-4104-9CCC-48CD4563F787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.9.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1A89C655-FDB6-4F69-8ACE-FA076A61E048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "37D54B2A-8250-412C-B164-090C90A6444C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.9.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0CB05EF4-B0B1-4C92-B09F-1B9911A2F10E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.9.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6871FD79-6B00-4015-8EB1-728CA5623DE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.9.11:*:*:*:*:*:*:*",
"matchCriteriaId": "64A74291-78A4-43C5-B284-B38A22AD5870",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.9.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F521CAF4-792C-4B16-BC22-21E82D583EA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.9.13:*:*:*:*:*:*:*",
"matchCriteriaId": "9A5B856A-F05B-4175-A6E4-40A97B4ADE3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.9.14:*:*:*:*:*:*:*",
"matchCriteriaId": "9AF00B7B-839C-4728-A3C2-44177C0CFB0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.9.15:*:*:*:*:*:*:*",
"matchCriteriaId": "3E925582-F14E-4EE1-9952-2B448C22E069",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.9.16:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA55BD3-8CB9-4193-97F3-52DDD7516F0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.9.17:*:*:*:*:*:*:*",
"matchCriteriaId": "5B3ABA00-605D-4F4B-B5B2-D474C76C257C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.9.18:*:*:*:*:*:*:*",
"matchCriteriaId": "14DD7FEA-4855-462F-B293-61B637F26420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.9.19:*:*:*:*:*:*:*",
"matchCriteriaId": "C682EF47-BF0A-4B48-A1D1-A55A9ECA7F33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.9.20:*:*:*:*:*:*:*",
"matchCriteriaId": "717F6453-69FA-426C-9346-CD7BEDE9C60B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.9.21:*:*:*:*:*:*:*",
"matchCriteriaId": "C3122762-BEF0-4988-BED9-4D8592C24CEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6D9E2515-E79D-4237-97E9-D5BA35A5F4F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A9562A87-9464-4203-8360-58E9A7E495FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4989628B-306C-4E03-A64E-718C4FF2778F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5CB0B1D3-632D-442B-8B83-92591CD80A33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3DFADCC1-6162-482F-971A-04041715E562",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "52270405-2AC2-41B7-B07A-42763993D587",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5C4C5026-D1BD-490A-9C3B-526BDBD9F2BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F63A530D-1DB8-4AB4-A62D-BB73BDA6A96B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.8:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE83D2A-D1F7-460F-AFFA-45D635D23B78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA52B75-0BE4-4647-A02E-6C01FF15DD0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8347AB5F-5194-4B96-A8E7-9EE51B82C8E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A48A99CC-0F6E-49F4-99C5-8647A66A5B41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.13:*:*:*:*:*:*:*",
"matchCriteriaId": "C844AC14-2ECA-45AB-B9A1-44CF626143BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.14:*:*:*:*:*:*:*",
"matchCriteriaId": "466B21B4-DF59-4B55-8778-BD674A137F9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.15:*:*:*:*:*:*:*",
"matchCriteriaId": "6C69AA54-AC53-4A10-8ED4-C426F4C37305",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.16:*:*:*:*:*:*:*",
"matchCriteriaId": "DC00A088-B0AC-4CCD-8EAE-31D4DB6372B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.17:*:*:*:*:*:*:*",
"matchCriteriaId": "D4C34F7E-91AD-4009-A86B-E3C42533C67D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.18:*:*:*:*:*:*:*",
"matchCriteriaId": "840FA75D-5AFC-4011-AA2C-A851763A8E86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4DDF073B-7437-4700-A5BD-B47CF1163302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.19:*:*:*:*:*:*:*",
"matchCriteriaId": "03D44007-FEEB-4A1E-BBEA-A8F9337ABE6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.20:*:*:*:*:*:*:*",
"matchCriteriaId": "756ED650-7FBF-47D5-800D-B7CDCE98DB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.21:*:*:*:*:*:*:*",
"matchCriteriaId": "F4047BBD-BC04-4CB1-A499-D2B8D3FE6B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.22:*:*:*:*:*:*:*",
"matchCriteriaId": "72E88290-55F4-4177-85F1-7ACBADEB6D6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.23:*:*:*:*:*:*:*",
"matchCriteriaId": "17561362-F579-4C4A-B706-E7BFD4B4D005",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.24:*:*:*:*:*:*:*",
"matchCriteriaId": "C2C3A554-49D3-4AA0-AF85-A503288EDA7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.25:*:*:*:*:*:*:*",
"matchCriteriaId": "DABD98F8-3512-4F83-BEA8-29787378990B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.26:*:*:*:*:*:*:*",
"matchCriteriaId": "33AE89EC-30B6-4B2C-BB7D-105C7BA31673",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.27:*:*:*:*:*:*:*",
"matchCriteriaId": "675635B9-B25D-4A6A-B990-F3347D76AF56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.28:*:*:*:*:*:*:*",
"matchCriteriaId": "D5591746-1BF7-41C2-8078-0CA13BA4FDE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9EDAF7A-A7EF-4FA2-AB0F-1B617311F6CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F6B0569-44FC-420E-BAF5-08149463D994",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ECE641CD-FD8B-4B09-A738-46795F9CB9AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FAE98EF7-E1D0-460D-971D-F460494BB271",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4B55AEF9-3375-4E2D-9A5C-BC88626A4977",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C9734B69-76A9-43A9-96F5-7551DFE691E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "38087DB8-ABB3-49F8-98B8-1C36BC588D59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.7:*:*:*:*:*:*:*",
"matchCriteriaId": "48585882-3F63-4CBE-9C82-8E33F52F86C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.8:*:*:*:*:*:*:*",
"matchCriteriaId": "EA224D00-B0BE-4CCC-A221-9BE93AE5F453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.9:*:*:*:*:*:*:*",
"matchCriteriaId": "87362BEE-E7B5-4390-9226-6C97F4C82E5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.10:*:*:*:*:*:*:*",
"matchCriteriaId": "588BCD31-3824-40F9-8BE2-C63F6A40E970",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.11:*:*:*:*:*:*:*",
"matchCriteriaId": "583BE1D2-6A50-4477-AD01-EA471B339F7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0D64BC1C-4281-46E8-B6DD-20D09EB5DC59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E8252FED-9D03-4224-ABB2-6E86E1278ECA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.13:*:*:*:*:*:*:*",
"matchCriteriaId": "7D013303-0BEA-44AE-A395-343EF27D207E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.14:*:*:*:*:*:*:*",
"matchCriteriaId": "45FF0360-F1FE-4C59-829E-544D9CCE6673",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.15:*:*:*:*:*:*:*",
"matchCriteriaId": "18BE27E1-F670-41B8-A5C5-4C28C94D3826",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.16:*:*:*:*:*:*:*",
"matchCriteriaId": "3BAEB637-6349-4452-B619-7080843E1A39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.17:*:*:*:*:*:*:*",
"matchCriteriaId": "698F4BA9-A8AD-4487-8989-5E41D80A162B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.18:*:*:*:*:*:*:*",
"matchCriteriaId": "1B458153-71BE-4EDF-950D-055D9A3D1E10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.19:*:*:*:*:*:*:*",
"matchCriteriaId": "9A4DC29D-F36D-4B02-BDA8-F0316948BBD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.20:*:*:*:*:*:*:*",
"matchCriteriaId": "4D46650E-EDE7-48B0-841D-CC0D45B92FD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.21:*:*:*:*:*:*:*",
"matchCriteriaId": "3D9D843A-4EA7-4B6D-BA62-A8C1C300F47A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.22:*:*:*:*:*:*:*",
"matchCriteriaId": "5635A041-FBFB-411B-95F4-1A11248D4FE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.23:*:*:*:*:*:*:*",
"matchCriteriaId": "090CD311-7B97-4E69-B2CA-6ED9FCBEDFDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.24:*:*:*:*:*:*:*",
"matchCriteriaId": "C9C17AEE-408E-4D57-B5A8-027FEC9AD144",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.25:*:*:*:*:*:*:*",
"matchCriteriaId": "0431871F-39C5-4707-BE53-FAC9E9882170",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "838E9A96-BA10-4A4A-AA41-EC025CCD07E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "94EAFE0A-0A9D-4F9D-BB7F-F4C10797F463",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4AB4FDA2-5729-4964-B48F-01DBC26DAEA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1D08D336-460B-4153-B747-B1F116065DE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D68401F3-1AF2-4FB5-916E-F40FB6E0DD1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.5:*:*:*:*:*:*:*",
"matchCriteriaId": "56DC7349-C57C-47EB-BE92-3BE4719A32F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.6:*:*:*:*:*:*:*",
"matchCriteriaId": "ED090E5E-772F-44B5-86F6-D2388D431055",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.7:*:*:*:*:*:*:*",
"matchCriteriaId": "526B3511-D083-4153-9DB8-6B8C62426876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.8:*:*:*:*:*:*:*",
"matchCriteriaId": "BB46B910-10AC-4B06-AC90-5E281AFF445E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FC3A73DC-EE37-41DF-A939-4631A3D1F401",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.10:*:*:*:*:*:*:*",
"matchCriteriaId": "95E37212-1BC4-44F5-AFEE-BF706FF9F771",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.11:*:*:*:*:*:*:*",
"matchCriteriaId": "467A1EF6-2E3C-4786-82BD-687EB44B5541",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A8096535-AF94-44E3-8266-006FDB84092B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.13:*:*:*:*:*:*:*",
"matchCriteriaId": "C0F65E09-7A40-45E2-BEB1-E11B694E7957",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.14:*:*:*:*:*:*:*",
"matchCriteriaId": "50FFCFA9-67A9-4502-AD48-2A1CFB6D12D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.15:*:*:*:*:*:*:*",
"matchCriteriaId": "C610809C-7C63-427B-9910-F6F0090B34A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.16:*:*:*:*:*:*:*",
"matchCriteriaId": "FA5A449F-B9B6-41DB-91B6-E75ABADFB835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D6848180-B565-4DC0-87AB-84DF4BF51F93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3070BF5-18C4-4ECD-8795-C569254F4E79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.16.3:*:*:*:*:*:*:*",
"matchCriteriaId": "355873B5-FEB9-4FAB-BE8B-8D56C9990F0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.16.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D0355952-8254-477D-BE82-37ED064F5A4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.16.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C0AA3EC2-4936-4F29-8885-377906DA346C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.16.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FB4503AF-3941-4318-AAE9-38EF578361EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.17:*:*:*:*:*:*:*",
"matchCriteriaId": "958C20C5-3502-417B-8AF4-3E7E43919672",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.18:*:*:*:*:*:*:*",
"matchCriteriaId": "0F9F52F6-DCF1-466E-8F28-77061513DEDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.19:*:*:*:*:*:*:*",
"matchCriteriaId": "126BF92A-9767-4A6C-985B-DB6C99E090B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.20:*:*:*:*:*:*:*",
"matchCriteriaId": "69991FEF-82C9-4760-8623-B1A47348DD75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.21:*:*:*:*:*:*:*",
"matchCriteriaId": "DF95E1AA-1A05-4F97-8AAA-C815EE3994BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.22:*:*:*:*:*:*:*",
"matchCriteriaId": "6D6200AF-7734-422C-9059-652A4530EFE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.23:*:*:*:*:*:*:*",
"matchCriteriaId": "F5073553-FB4D-4BF1-B3BA-B5CC2B3F45E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.24:*:*:*:*:*:*:*",
"matchCriteriaId": "D26FA5D0-F06B-414F-9F65-D5821365DA18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.25:*:*:*:*:*:*:*",
"matchCriteriaId": "A61614F0-B814-4367-A12B-22806A65E8A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.26:*:*:*:*:*:*:*",
"matchCriteriaId": "0970B646-A060-452C-9473-28A87603DA9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.27:*:*:*:*:*:*:*",
"matchCriteriaId": "093DF5AF-8AEA-48DF-B8AF-2357B7C5C4DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.28:*:*:*:*:*:*:*",
"matchCriteriaId": "C3AF0ABA-6A1A-474F-95FB-E155209EDB00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.29:*:*:*:*:*:*:*",
"matchCriteriaId": "2BEB1D72-CC33-4C68-810E-C10DFF83504B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.30:*:*:*:*:*:*:*",
"matchCriteriaId": "233BB7EC-7A13-4A9E-8AC7-5151C63DA77E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D266110F-6EDD-4570-8B5C-BB6A620D7510",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5489857D-D325-41D1-991C-1664EB63CF2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EF34E4C1-9160-4052-951A-D08835024AC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "30E46BF1-5BC3-429B-9A16-2F95620A8FE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B7B3327F-8A47-4D13-A48A-3157B6318F9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "90246AB1-F0C4-432B-AA2D-A644084C0C74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "44EAC604-FF3B-470A-9413-EBAC32DC1322",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.5:*:*:*:*:*:*:*",
"matchCriteriaId": "84E9FBA6-6418-448F-800E-970C9D08877F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "98521A64-4E54-472F-AC7C-73005551CEA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "421D9F1E-EF92-47E3-98D6-8C824862F7A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D85C04B-FC70-41BD-8994-B7C1AF6048BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CAFD7DD4-555B-4757-B459-01B9D915A9B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F2C7B906-87E1-44F3-AF35-5BFEF574F180",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0984921F-8EAB-4740-B2CC-4269C4CF6C93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F48CB557-229E-4BA5-84C6-DBEA06552D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5F27F9EA-226F-450F-A181-F100E49A90B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.7:*:*:*:*:*:*:*",
"matchCriteriaId": "ED9E199F-1994-4C5C-B8DB-D6002FD95AE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "419D7AA6-745E-4254-9743-6AC136DB1893",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1F3BE1-30BA-4780-9924-D5B0E4F50EAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8:*:*:*:*:*:*:*",
"matchCriteriaId": "3BFBE00A-3FB7-4D10-807C-67CA59B91044",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2E486ABD-DD1D-43A9-9783-894694E0F14C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "87DEA4E0-8BF1-4558-88F3-D3F3D8161287",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1405C137-D923-436C-A006-F232961BAB24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CD929336-FAFB-480C-8CD1-3264C3BE529B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9F2B117A-2746-458B-AB77-37EB40646482",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DD8A1B4A-59D3-4D0F-80CC-7D8F94B5699E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A12559EE-7FAC-4C21-99CC-D076E98CA137",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B7AE1019-67C2-4334-83DC-75754C997079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "60B76474-A71E-4BEA-880B-88A8F0E9E79D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5918D066-8950-44D5-9F14-72C499F9F40A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "623BF341-D9EC-43DF-BA62-D45FDC1FE4E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D6692AB-7927-4D4B-8E11-EA9B7B93836C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B6EE875E-DEC4-443C-8921-B4658CA2B2C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4BDD2CFE-61E4-436E-9D49-7F1977904EB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "12DB535B-9C12-4B13-8B6E-AB4EEC1CFF9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6675F9A6-FA20-4AF7-B57F-85595103AA61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3322B7E4-D815-40B6-836A-2D070F9D0528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A67143CC-3137-49B3-955C-43C405DB847B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B1CA956E-51BC-428E-9730-31797A34BE3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3AFC055D-9B64-428C-9D85-CFC2F27EB906",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "00E6E62F-B11F-4060-8AAF-A9FA73749422",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0B05CB56-6994-4F75-8015-03F554CD7D78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B5CF35EC-CCBF-4096-BCAF-98A15DE6D78C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.7:*:*:*:*:*:*:*",
"matchCriteriaId": "42C819CC-48E9-4E85-A564-456A27481852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9D7B2152-3086-4094-8AE2-6E1AF9D35BF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EF5B9CC6-C288-4E8C-AC99-D4717DBE63FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.10:*:*:*:*:*:*:*",
"matchCriteriaId": "65CD971C-EB83-4456-A368-F57B9391599A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.11:*:*:*:*:*:*:*",
"matchCriteriaId": "B8CA877A-533B-4B60-A90B-8A958FCA2DF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B71A62D9-8013-4528-8EB0-75C18435AE24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D18D2B08-C8DD-475D-8E7D-F39E8C24723B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BA424995-B5E0-4C8A-862B-5290506DF94E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43F974E2-41AF-42B2-8EE7-02724FD37673",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EFD1F763-34E3-4B39-9184-6CCCD75733A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1C8ADF13-CEF9-400B-BACA-F64AFDEEED7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2B2595A0-024B-4C82-8626-9471A3FB96D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E81B04E7-FBA1-45D3-B458-3B57DF331796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.7:*:*:*:*:*:*:*",
"matchCriteriaId": "934A9FC7-1B44-4A70-83B6-21783C5BB9BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*",
"matchCriteriaId": "7118F616-25CA-4E34-AA13-4D14BB62419F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*",
"matchCriteriaId": "F5D324C4-97C7-49D3-A809-9EAD4B690C69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7F61F047-129C-41A6-8A27-FFCBB8563E91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to \"C-style filename quoting.\""
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en la funcionalidad de desempaquetado en dpkg anterior a 1.15.9, 1.16.x anterior a 1.16.13 y 1.17.x anterior a 1.17.8 permite a atacantes remotos escribir archivos arbitrarios a trav\u00e9s de un paquete fuente manipulado, relacionado con \"citando nombre de archivo C-style.\""
}
],
"id": "CVE-2014-0471",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-04-30T14:22:06.140",
"references": [
{
"source": "security@debian.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2014/dsa-2915"
},
{
"source": "security@debian.org",
"url": "http://www.securityfocus.com/bid/67106"
},
{
"source": "security@debian.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2183-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2014/dsa-2915"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/67106"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2183-1"
}
],
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-01-20 15:59
Modified
2025-04-12 10:46
Severity ?
Summary
Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157387.html | ||
| cve@mitre.org | http://seclists.org/oss-sec/2014/q4/539 | Exploit | |
| cve@mitre.org | http://seclists.org/oss-sec/2014/q4/551 | ||
| cve@mitre.org | http://seclists.org/oss-sec/2014/q4/622 | ||
| cve@mitre.org | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768485 | Exploit | |
| cve@mitre.org | https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/1389135 | Exploit | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/98551 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157387.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/oss-sec/2014/q4/539 | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/oss-sec/2014/q4/551 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/oss-sec/2014/q4/622 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768485 | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/1389135 | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/98551 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:debian:dpkg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "148DA0C2-D1AA-4601-B0E3-E319D9C680C9",
"versionEndIncluding": "1.17.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de cadenas de formatos en la funci\u00f3n parse_error_msg en parsehelp.c en dpkg anterior a 1.17.22 permiten a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de especificadores de cadenas de formatos en el nombre (1) del paquete o (2) de la arquitectura."
}
],
"id": "CVE-2014-8625",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-01-20T15:59:01.437",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157387.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://seclists.org/oss-sec/2014/q4/539"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/oss-sec/2014/q4/551"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/oss-sec/2014/q4/622"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768485"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/1389135"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98551"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157387.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://seclists.org/oss-sec/2014/q4/539"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/oss-sec/2014/q4/551"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/oss-sec/2014/q4/622"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768485"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/1389135"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98551"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-134"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-05-26 14:15
Modified
2024-11-21 06:41
Severity ?
Summary
Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@debian.org | https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=1f23dddc17f69c9598477098c7fb9936e15fa495 | Mailing List, Patch, Vendor Advisory | |
| security@debian.org | https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=58814cacee39c4ce9e2cd0e3a3b9b57ad437eff5 | Mailing List, Patch, Vendor Advisory | |
| security@debian.org | https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=7a6c03cb34d4a09f35df2f10779cbf1b70a5200b | Mailing List, Patch, Vendor Advisory | |
| security@debian.org | https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=faa4c92debe45412bfcf8a44f26e827800bb24be | Mailing List, Patch, Vendor Advisory | |
| security@debian.org | https://lists.debian.org/debian-lts-announce/2022/05/msg00033.html | Mailing List, Vendor Advisory | |
| security@debian.org | https://lists.debian.org/debian-security-announce/2022/msg00115.html | Mailing List, Vendor Advisory | |
| security@debian.org | https://security.netapp.com/advisory/ntap-20221007-0002/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=1f23dddc17f69c9598477098c7fb9936e15fa495 | Mailing List, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=58814cacee39c4ce9e2cd0e3a3b9b57ad437eff5 | Mailing List, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=7a6c03cb34d4a09f35df2f10779cbf1b70a5200b | Mailing List, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=faa4c92debe45412bfcf8a44f26e827800bb24be | Mailing List, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/05/msg00033.html | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-security-announce/2022/msg00115.html | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20221007-0002/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| debian | dpkg | * | |
| debian | dpkg | * | |
| debian | dpkg | * | |
| debian | dpkg | * | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 | |
| netapp | ontap_select_deploy_administration_utility | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:debian:dpkg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9046EF14-F981-4DC1-9158-55BA8C7BEE98",
"versionEndExcluding": "1.18.26",
"versionStartIncluding": "1.14.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7C0D9DB-F9DD-49B3-B62D-A25E034FB370",
"versionEndExcluding": "1.19.8",
"versionStartIncluding": "1.19.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F03A306C-0A44-4954-AE36-F24AF7F45470",
"versionEndExcluding": "1.20.10",
"versionStartIncluding": "1.20.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "639EB115-366E-4B3F-83A0-909C406FC009",
"versionEndExcluding": "1.21.8",
"versionStartIncluding": "1.21.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs."
},
{
"lang": "es",
"value": "La funci\u00f3n Dpkg::Source::Archive en dpkg, el sistema de administraci\u00f3n de paquetes de Debian, versiones anteriores a 1.21.8, 1.20.10, 1.19.8, 1.18.26, es propenso a una vulnerabilidad de salto de directorio. Cuando son extra\u00eddos paquetes fuente no confiables en formatos de paquetes fuente v2 y v3 que incluyen un debian.tar, la extracci\u00f3n en el lugar puede conllevar a situaciones de salto de directorio en los tarballs orig.tar y debian.tar especialmente dise\u00f1ados"
}
],
"id": "CVE-2022-1664",
"lastModified": "2024-11-21T06:41:12.497",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-26T14:15:08.010",
"references": [
{
"source": "security@debian.org",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=1f23dddc17f69c9598477098c7fb9936e15fa495"
},
{
"source": "security@debian.org",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=58814cacee39c4ce9e2cd0e3a3b9b57ad437eff5"
},
{
"source": "security@debian.org",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=7a6c03cb34d4a09f35df2f10779cbf1b70a5200b"
},
{
"source": "security@debian.org",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=faa4c92debe45412bfcf8a44f26e827800bb24be"
},
{
"source": "security@debian.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00033.html"
},
{
"source": "security@debian.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.debian.org/debian-security-announce/2022/msg00115.html"
},
{
"source": "security@debian.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20221007-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=1f23dddc17f69c9598477098c7fb9936e15fa495"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=58814cacee39c4ce9e2cd0e3a3b9b57ad437eff5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=7a6c03cb34d4a09f35df2f10779cbf1b70a5200b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=faa4c92debe45412bfcf8a44f26e827800bb24be"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00033.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.debian.org/debian-security-announce/2022/msg00115.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20221007-0002/"
}
],
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-03-15 13:28
Modified
2025-04-11 00:51
Severity ?
Summary
Directory traversal vulnerability in the dpkg-source component in dpkg before 1.14.29 allows remote attackers to modify arbitrary files via a crafted Debian source archive.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29.tar.gz | Patch | |
| cve@mitre.org | http://www.debian.org/security/2010/dsa-2011 | Patch | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2010/0582 | Vendor Advisory | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/56887 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29.tar.gz | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2010/dsa-2011 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/0582 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/56887 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| debian | dpkg | * | |
| debian | dpkg | 1.9.19 | |
| debian | dpkg | 1.9.20 | |
| debian | dpkg | 1.9.21 | |
| debian | dpkg | 1.10 | |
| debian | dpkg | 1.10.1 | |
| debian | dpkg | 1.10.2 | |
| debian | dpkg | 1.10.3 | |
| debian | dpkg | 1.10.4 | |
| debian | dpkg | 1.10.5 | |
| debian | dpkg | 1.10.6 | |
| debian | dpkg | 1.10.7 | |
| debian | dpkg | 1.10.8 | |
| debian | dpkg | 1.10.9 | |
| debian | dpkg | 1.10.10 | |
| debian | dpkg | 1.10.11 | |
| debian | dpkg | 1.10.12 | |
| debian | dpkg | 1.10.13 | |
| debian | dpkg | 1.10.14 | |
| debian | dpkg | 1.10.15 | |
| debian | dpkg | 1.10.16 | |
| debian | dpkg | 1.10.17 | |
| debian | dpkg | 1.10.18 | |
| debian | dpkg | 1.10.18.1 | |
| debian | dpkg | 1.10.19 | |
| debian | dpkg | 1.10.20 | |
| debian | dpkg | 1.10.21 | |
| debian | dpkg | 1.10.22 | |
| debian | dpkg | 1.10.23 | |
| debian | dpkg | 1.10.24 | |
| debian | dpkg | 1.10.25 | |
| debian | dpkg | 1.10.26 | |
| debian | dpkg | 1.10.27 | |
| debian | dpkg | 1.10.28 | |
| debian | dpkg | 1.13.0 | |
| debian | dpkg | 1.13.1 | |
| debian | dpkg | 1.13.2 | |
| debian | dpkg | 1.13.3 | |
| debian | dpkg | 1.13.4 | |
| debian | dpkg | 1.13.5 | |
| debian | dpkg | 1.13.6 | |
| debian | dpkg | 1.13.7 | |
| debian | dpkg | 1.13.8 | |
| debian | dpkg | 1.13.9 | |
| debian | dpkg | 1.13.10 | |
| debian | dpkg | 1.13.11 | |
| debian | dpkg | 1.13.11.1 | |
| debian | dpkg | 1.13.12 | |
| debian | dpkg | 1.13.13 | |
| debian | dpkg | 1.13.14 | |
| debian | dpkg | 1.13.15 | |
| debian | dpkg | 1.13.16 | |
| debian | dpkg | 1.13.17 | |
| debian | dpkg | 1.13.18 | |
| debian | dpkg | 1.13.19 | |
| debian | dpkg | 1.13.20 | |
| debian | dpkg | 1.13.21 | |
| debian | dpkg | 1.13.22 | |
| debian | dpkg | 1.13.23 | |
| debian | dpkg | 1.13.24 | |
| debian | dpkg | 1.13.25 | |
| debian | dpkg | 1.14.0 | |
| debian | dpkg | 1.14.1 | |
| debian | dpkg | 1.14.2 | |
| debian | dpkg | 1.14.3 | |
| debian | dpkg | 1.14.4 | |
| debian | dpkg | 1.14.5 | |
| debian | dpkg | 1.14.6 | |
| debian | dpkg | 1.14.7 | |
| debian | dpkg | 1.14.8 | |
| debian | dpkg | 1.14.9 | |
| debian | dpkg | 1.14.10 | |
| debian | dpkg | 1.14.11 | |
| debian | dpkg | 1.14.12 | |
| debian | dpkg | 1.14.13 | |
| debian | dpkg | 1.14.14 | |
| debian | dpkg | 1.14.15 | |
| debian | dpkg | 1.14.16 | |
| debian | dpkg | 1.14.16.1 | |
| debian | dpkg | 1.14.16.2 | |
| debian | dpkg | 1.14.16.3 | |
| debian | dpkg | 1.14.16.4 | |
| debian | dpkg | 1.14.16.5 | |
| debian | dpkg | 1.14.16.6 | |
| debian | dpkg | 1.14.17 | |
| debian | dpkg | 1.14.18 | |
| debian | dpkg | 1.14.19 | |
| debian | dpkg | 1.14.20 | |
| debian | dpkg | 1.14.21 | |
| debian | dpkg | 1.14.22 | |
| debian | dpkg | 1.14.23 | |
| debian | dpkg | 1.14.24 | |
| debian | dpkg | 1.14.25 | |
| debian | dpkg | 1.14.26 | |
| debian | dpkg | 1.14.27 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:debian:dpkg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9160C0CD-1A4D-49F7-9261-EF8EA8F5B007",
"versionEndIncluding": "1.14.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.9.19:*:*:*:*:*:*:*",
"matchCriteriaId": "C682EF47-BF0A-4B48-A1D1-A55A9ECA7F33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.9.20:*:*:*:*:*:*:*",
"matchCriteriaId": "717F6453-69FA-426C-9346-CD7BEDE9C60B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.9.21:*:*:*:*:*:*:*",
"matchCriteriaId": "C3122762-BEF0-4988-BED9-4D8592C24CEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6D9E2515-E79D-4237-97E9-D5BA35A5F4F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A9562A87-9464-4203-8360-58E9A7E495FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4989628B-306C-4E03-A64E-718C4FF2778F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5CB0B1D3-632D-442B-8B83-92591CD80A33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3DFADCC1-6162-482F-971A-04041715E562",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "52270405-2AC2-41B7-B07A-42763993D587",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5C4C5026-D1BD-490A-9C3B-526BDBD9F2BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F63A530D-1DB8-4AB4-A62D-BB73BDA6A96B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.8:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE83D2A-D1F7-460F-AFFA-45D635D23B78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA52B75-0BE4-4647-A02E-6C01FF15DD0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7306A247-0AAE-43E7-A9E0-CE224A1B239B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8347AB5F-5194-4B96-A8E7-9EE51B82C8E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A48A99CC-0F6E-49F4-99C5-8647A66A5B41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.13:*:*:*:*:*:*:*",
"matchCriteriaId": "C844AC14-2ECA-45AB-B9A1-44CF626143BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.14:*:*:*:*:*:*:*",
"matchCriteriaId": "466B21B4-DF59-4B55-8778-BD674A137F9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.15:*:*:*:*:*:*:*",
"matchCriteriaId": "6C69AA54-AC53-4A10-8ED4-C426F4C37305",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.16:*:*:*:*:*:*:*",
"matchCriteriaId": "DC00A088-B0AC-4CCD-8EAE-31D4DB6372B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.17:*:*:*:*:*:*:*",
"matchCriteriaId": "D4C34F7E-91AD-4009-A86B-E3C42533C67D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.18:*:*:*:*:*:*:*",
"matchCriteriaId": "840FA75D-5AFC-4011-AA2C-A851763A8E86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4DDF073B-7437-4700-A5BD-B47CF1163302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.19:*:*:*:*:*:*:*",
"matchCriteriaId": "03D44007-FEEB-4A1E-BBEA-A8F9337ABE6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.20:*:*:*:*:*:*:*",
"matchCriteriaId": "756ED650-7FBF-47D5-800D-B7CDCE98DB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.21:*:*:*:*:*:*:*",
"matchCriteriaId": "F4047BBD-BC04-4CB1-A499-D2B8D3FE6B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.22:*:*:*:*:*:*:*",
"matchCriteriaId": "72E88290-55F4-4177-85F1-7ACBADEB6D6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.23:*:*:*:*:*:*:*",
"matchCriteriaId": "17561362-F579-4C4A-B706-E7BFD4B4D005",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.24:*:*:*:*:*:*:*",
"matchCriteriaId": "C2C3A554-49D3-4AA0-AF85-A503288EDA7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.25:*:*:*:*:*:*:*",
"matchCriteriaId": "DABD98F8-3512-4F83-BEA8-29787378990B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.26:*:*:*:*:*:*:*",
"matchCriteriaId": "33AE89EC-30B6-4B2C-BB7D-105C7BA31673",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.27:*:*:*:*:*:*:*",
"matchCriteriaId": "675635B9-B25D-4A6A-B990-F3347D76AF56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.28:*:*:*:*:*:*:*",
"matchCriteriaId": "D5591746-1BF7-41C2-8078-0CA13BA4FDE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9EDAF7A-A7EF-4FA2-AB0F-1B617311F6CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F6B0569-44FC-420E-BAF5-08149463D994",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ECE641CD-FD8B-4B09-A738-46795F9CB9AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FAE98EF7-E1D0-460D-971D-F460494BB271",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4B55AEF9-3375-4E2D-9A5C-BC88626A4977",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C9734B69-76A9-43A9-96F5-7551DFE691E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "38087DB8-ABB3-49F8-98B8-1C36BC588D59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.7:*:*:*:*:*:*:*",
"matchCriteriaId": "48585882-3F63-4CBE-9C82-8E33F52F86C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.8:*:*:*:*:*:*:*",
"matchCriteriaId": "EA224D00-B0BE-4CCC-A221-9BE93AE5F453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.9:*:*:*:*:*:*:*",
"matchCriteriaId": "87362BEE-E7B5-4390-9226-6C97F4C82E5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.10:*:*:*:*:*:*:*",
"matchCriteriaId": "588BCD31-3824-40F9-8BE2-C63F6A40E970",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.11:*:*:*:*:*:*:*",
"matchCriteriaId": "583BE1D2-6A50-4477-AD01-EA471B339F7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0D64BC1C-4281-46E8-B6DD-20D09EB5DC59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E8252FED-9D03-4224-ABB2-6E86E1278ECA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.13:*:*:*:*:*:*:*",
"matchCriteriaId": "7D013303-0BEA-44AE-A395-343EF27D207E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.14:*:*:*:*:*:*:*",
"matchCriteriaId": "45FF0360-F1FE-4C59-829E-544D9CCE6673",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.15:*:*:*:*:*:*:*",
"matchCriteriaId": "18BE27E1-F670-41B8-A5C5-4C28C94D3826",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.16:*:*:*:*:*:*:*",
"matchCriteriaId": "3BAEB637-6349-4452-B619-7080843E1A39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.17:*:*:*:*:*:*:*",
"matchCriteriaId": "698F4BA9-A8AD-4487-8989-5E41D80A162B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.18:*:*:*:*:*:*:*",
"matchCriteriaId": "1B458153-71BE-4EDF-950D-055D9A3D1E10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.19:*:*:*:*:*:*:*",
"matchCriteriaId": "9A4DC29D-F36D-4B02-BDA8-F0316948BBD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.20:*:*:*:*:*:*:*",
"matchCriteriaId": "4D46650E-EDE7-48B0-841D-CC0D45B92FD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.21:*:*:*:*:*:*:*",
"matchCriteriaId": "3D9D843A-4EA7-4B6D-BA62-A8C1C300F47A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.22:*:*:*:*:*:*:*",
"matchCriteriaId": "5635A041-FBFB-411B-95F4-1A11248D4FE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.23:*:*:*:*:*:*:*",
"matchCriteriaId": "090CD311-7B97-4E69-B2CA-6ED9FCBEDFDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.24:*:*:*:*:*:*:*",
"matchCriteriaId": "C9C17AEE-408E-4D57-B5A8-027FEC9AD144",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.25:*:*:*:*:*:*:*",
"matchCriteriaId": "0431871F-39C5-4707-BE53-FAC9E9882170",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "838E9A96-BA10-4A4A-AA41-EC025CCD07E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "94EAFE0A-0A9D-4F9D-BB7F-F4C10797F463",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4AB4FDA2-5729-4964-B48F-01DBC26DAEA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1D08D336-460B-4153-B747-B1F116065DE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D68401F3-1AF2-4FB5-916E-F40FB6E0DD1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.5:*:*:*:*:*:*:*",
"matchCriteriaId": "56DC7349-C57C-47EB-BE92-3BE4719A32F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.6:*:*:*:*:*:*:*",
"matchCriteriaId": "ED090E5E-772F-44B5-86F6-D2388D431055",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.7:*:*:*:*:*:*:*",
"matchCriteriaId": "526B3511-D083-4153-9DB8-6B8C62426876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.8:*:*:*:*:*:*:*",
"matchCriteriaId": "BB46B910-10AC-4B06-AC90-5E281AFF445E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FC3A73DC-EE37-41DF-A939-4631A3D1F401",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.10:*:*:*:*:*:*:*",
"matchCriteriaId": "95E37212-1BC4-44F5-AFEE-BF706FF9F771",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.11:*:*:*:*:*:*:*",
"matchCriteriaId": "467A1EF6-2E3C-4786-82BD-687EB44B5541",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A8096535-AF94-44E3-8266-006FDB84092B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.13:*:*:*:*:*:*:*",
"matchCriteriaId": "C0F65E09-7A40-45E2-BEB1-E11B694E7957",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.14:*:*:*:*:*:*:*",
"matchCriteriaId": "50FFCFA9-67A9-4502-AD48-2A1CFB6D12D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.15:*:*:*:*:*:*:*",
"matchCriteriaId": "C610809C-7C63-427B-9910-F6F0090B34A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.16:*:*:*:*:*:*:*",
"matchCriteriaId": "FA5A449F-B9B6-41DB-91B6-E75ABADFB835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D6848180-B565-4DC0-87AB-84DF4BF51F93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3070BF5-18C4-4ECD-8795-C569254F4E79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.16.3:*:*:*:*:*:*:*",
"matchCriteriaId": "355873B5-FEB9-4FAB-BE8B-8D56C9990F0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.16.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D0355952-8254-477D-BE82-37ED064F5A4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.16.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C0AA3EC2-4936-4F29-8885-377906DA346C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.16.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FB4503AF-3941-4318-AAE9-38EF578361EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.17:*:*:*:*:*:*:*",
"matchCriteriaId": "958C20C5-3502-417B-8AF4-3E7E43919672",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.18:*:*:*:*:*:*:*",
"matchCriteriaId": "0F9F52F6-DCF1-466E-8F28-77061513DEDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.19:*:*:*:*:*:*:*",
"matchCriteriaId": "126BF92A-9767-4A6C-985B-DB6C99E090B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.20:*:*:*:*:*:*:*",
"matchCriteriaId": "69991FEF-82C9-4760-8623-B1A47348DD75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.21:*:*:*:*:*:*:*",
"matchCriteriaId": "DF95E1AA-1A05-4F97-8AAA-C815EE3994BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.22:*:*:*:*:*:*:*",
"matchCriteriaId": "6D6200AF-7734-422C-9059-652A4530EFE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.23:*:*:*:*:*:*:*",
"matchCriteriaId": "F5073553-FB4D-4BF1-B3BA-B5CC2B3F45E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.24:*:*:*:*:*:*:*",
"matchCriteriaId": "D26FA5D0-F06B-414F-9F65-D5821365DA18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.25:*:*:*:*:*:*:*",
"matchCriteriaId": "A61614F0-B814-4367-A12B-22806A65E8A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.26:*:*:*:*:*:*:*",
"matchCriteriaId": "0970B646-A060-452C-9473-28A87603DA9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.27:*:*:*:*:*:*:*",
"matchCriteriaId": "093DF5AF-8AEA-48DF-B8AF-2357B7C5C4DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the dpkg-source component in dpkg before 1.14.29 allows remote attackers to modify arbitrary files via a crafted Debian source archive."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en el componente dpkg-source de dpkg en versiones anteriores a la v1.14.29 permite a usuarios remotos modificar ficheros de su elecci\u00f3n a trav\u00e9s de archivos fuente Debian modificados."
}
],
"id": "CVE-2010-0396",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-03-15T13:28:25.747",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29.tar.gz"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2010/dsa-2011"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0582"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56887"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29.tar.gz"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2010/dsa-2011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0582"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56887"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-26 05:59
Modified
2025-04-20 01:37
Severity ?
Summary
dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2017/04/20/2 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/98064 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2017/04/20/2 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98064 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| debian | dpkg | 1.3.0 | |
| debian | dpkg | 1.3.1 | |
| debian | dpkg | 1.3.2 | |
| debian | dpkg | 1.3.3 | |
| debian | dpkg | 1.3.4 | |
| debian | dpkg | 1.3.5 | |
| debian | dpkg | 1.3.6 | |
| debian | dpkg | 1.3.7 | |
| debian | dpkg | 1.3.8 | |
| debian | dpkg | 1.3.9 | |
| debian | dpkg | 1.3.10 | |
| debian | dpkg | 1.3.11 | |
| debian | dpkg | 1.3.12 | |
| debian | dpkg | 1.3.13 | |
| debian | dpkg | 1.3.14 | |
| debian | dpkg | 1.4.0 | |
| debian | dpkg | 1.4.0.1 | |
| debian | dpkg | 1.4.0.2 | |
| debian | dpkg | 1.4.0.3 | |
| debian | dpkg | 1.4.0.4 | |
| debian | dpkg | 1.4.0.5 | |
| debian | dpkg | 1.4.0.6 | |
| debian | dpkg | 1.4.0.7 | |
| debian | dpkg | 1.4.0.8 | |
| debian | dpkg | 1.4.0.9 | |
| debian | dpkg | 1.4.0.10 | |
| debian | dpkg | 1.4.0.11 | |
| debian | dpkg | 1.4.0.12 | |
| debian | dpkg | 1.4.0.13 | |
| debian | dpkg | 1.4.0.14 | |
| debian | dpkg | 1.4.0.15 | |
| debian | dpkg | 1.4.0.16 | |
| debian | dpkg | 1.4.0.17 | |
| debian | dpkg | 1.4.0.18 | |
| debian | dpkg | 1.4.0.19 | |
| debian | dpkg | 1.4.0.20 | |
| debian | dpkg | 1.4.0.21 | |
| debian | dpkg | 1.4.0.22 | |
| debian | dpkg | 1.4.0.23 | |
| debian | dpkg | 1.4.0.23.1 | |
| debian | dpkg | 1.4.0.23.2 | |
| debian | dpkg | 1.4.0.24 | |
| debian | dpkg | 1.4.0.25 | |
| debian | dpkg | 1.4.0.26 | |
| debian | dpkg | 1.4.0.26.0.1 | |
| debian | dpkg | 1.4.0.27 | |
| debian | dpkg | 1.4.0.28 | |
| debian | dpkg | 1.4.0.29 | |
| debian | dpkg | 1.4.0.30 | |
| debian | dpkg | 1.4.0.31 | |
| debian | dpkg | 1.4.1 | |
| debian | dpkg | 1.4.1.1 | |
| debian | dpkg | 1.4.1.2 | |
| debian | dpkg | 1.4.1.3 | |
| debian | dpkg | 1.4.1.4 | |
| debian | dpkg | 1.4.1.5 | |
| debian | dpkg | 1.4.1.6 | |
| debian | dpkg | 1.4.1.7 | |
| debian | dpkg | 1.4.1.8 | |
| debian | dpkg | 1.4.1.9 | |
| debian | dpkg | 1.4.1.10 | |
| debian | dpkg | 1.4.1.11 | |
| debian | dpkg | 1.4.1.12 | |
| debian | dpkg | 1.4.1.13 | |
| debian | dpkg | 1.4.1.14 | |
| debian | dpkg | 1.4.1.15 | |
| debian | dpkg | 1.4.1.16 | |
| debian | dpkg | 1.4.1.17 | |
| debian | dpkg | 1.4.1.18 | |
| debian | dpkg | 1.4.1.19 | |
| debian | dpkg | 1.6 | |
| debian | dpkg | 1.6.1 | |
| debian | dpkg | 1.6.2 | |
| debian | dpkg | 1.6.3 | |
| debian | dpkg | 1.6.4 | |
| debian | dpkg | 1.6.5 | |
| debian | dpkg | 1.6.6 | |
| debian | dpkg | 1.6.7 | |
| debian | dpkg | 1.6.8 | |
| debian | dpkg | 1.6.9 | |
| debian | dpkg | 1.6.10 | |
| debian | dpkg | 1.6.11 | |
| debian | dpkg | 1.6.12 | |
| debian | dpkg | 1.6.12.99 | |
| debian | dpkg | 1.6.13 | |
| debian | dpkg | 1.7.0 | |
| debian | dpkg | 1.7.1 | |
| debian | dpkg | 1.7.2 | |
| debian | dpkg | 1.8.0 | |
| debian | dpkg | 1.8.1 | |
| debian | dpkg | 1.8.1.1 | |
| debian | dpkg | 1.8.2 | |
| debian | dpkg | 1.8.3 | |
| debian | dpkg | 1.8.3.1 | |
| debian | dpkg | 1.9.0 | |
| debian | dpkg | 1.9.1 | |
| debian | dpkg | 1.9.2 | |
| debian | dpkg | 1.9.3 | |
| debian | dpkg | 1.9.4 | |
| debian | dpkg | 1.9.7 | |
| debian | dpkg | 1.9.8 | |
| debian | dpkg | 1.9.9 | |
| debian | dpkg | 1.9.10 | |
| debian | dpkg | 1.9.11 | |
| debian | dpkg | 1.9.12 | |
| debian | dpkg | 1.9.13 | |
| debian | dpkg | 1.9.14 | |
| debian | dpkg | 1.9.15 | |
| debian | dpkg | 1.9.16 | |
| debian | dpkg | 1.9.17 | |
| debian | dpkg | 1.9.18 | |
| debian | dpkg | 1.9.19 | |
| debian | dpkg | 1.9.20 | |
| debian | dpkg | 1.9.21 | |
| debian | dpkg | 1.10 | |
| debian | dpkg | 1.10.1 | |
| debian | dpkg | 1.10.2 | |
| debian | dpkg | 1.10.3 | |
| debian | dpkg | 1.10.4 | |
| debian | dpkg | 1.10.5 | |
| debian | dpkg | 1.10.6 | |
| debian | dpkg | 1.10.7 | |
| debian | dpkg | 1.10.8 | |
| debian | dpkg | 1.10.9 | |
| debian | dpkg | 1.10.10 | |
| debian | dpkg | 1.10.11 | |
| debian | dpkg | 1.10.12 | |
| debian | dpkg | 1.10.13 | |
| debian | dpkg | 1.10.14 | |
| debian | dpkg | 1.10.15 | |
| debian | dpkg | 1.10.16 | |
| debian | dpkg | 1.10.17 | |
| debian | dpkg | 1.10.18 | |
| debian | dpkg | 1.10.18.1 | |
| debian | dpkg | 1.10.19 | |
| debian | dpkg | 1.10.20 | |
| debian | dpkg | 1.10.21 | |
| debian | dpkg | 1.10.22 | |
| debian | dpkg | 1.10.23 | |
| debian | dpkg | 1.10.24 | |
| debian | dpkg | 1.10.25 | |
| debian | dpkg | 1.10.26 | |
| debian | dpkg | 1.10.27 | |
| debian | dpkg | 1.10.28 | |
| debian | dpkg | 1.13.0 | |
| debian | dpkg | 1.13.1 | |
| debian | dpkg | 1.13.2 | |
| debian | dpkg | 1.13.3 | |
| debian | dpkg | 1.13.4 | |
| debian | dpkg | 1.13.5 | |
| debian | dpkg | 1.13.6 | |
| debian | dpkg | 1.13.7 | |
| debian | dpkg | 1.13.8 | |
| debian | dpkg | 1.13.9 | |
| debian | dpkg | 1.13.10 | |
| debian | dpkg | 1.13.11 | |
| debian | dpkg | 1.13.11.1 | |
| debian | dpkg | 1.13.12 | |
| debian | dpkg | 1.13.13 | |
| debian | dpkg | 1.13.14 | |
| debian | dpkg | 1.13.15 | |
| debian | dpkg | 1.13.16 | |
| debian | dpkg | 1.13.17 | |
| debian | dpkg | 1.13.18 | |
| debian | dpkg | 1.13.19 | |
| debian | dpkg | 1.13.20 | |
| debian | dpkg | 1.13.21 | |
| debian | dpkg | 1.13.22 | |
| debian | dpkg | 1.13.23 | |
| debian | dpkg | 1.13.24 | |
| debian | dpkg | 1.13.25 | |
| debian | dpkg | 1.14.0 | |
| debian | dpkg | 1.14.1 | |
| debian | dpkg | 1.14.2 | |
| debian | dpkg | 1.14.3 | |
| debian | dpkg | 1.14.4 | |
| debian | dpkg | 1.14.5 | |
| debian | dpkg | 1.14.6 | |
| debian | dpkg | 1.14.7 | |
| debian | dpkg | 1.14.8 | |
| debian | dpkg | 1.14.9 | |
| debian | dpkg | 1.14.10 | |
| debian | dpkg | 1.14.11 | |
| debian | dpkg | 1.14.12 | |
| debian | dpkg | 1.14.13 | |
| debian | dpkg | 1.14.14 | |
| debian | dpkg | 1.14.15 | |
| debian | dpkg | 1.14.16 | |
| debian | dpkg | 1.14.16.1 | |
| debian | dpkg | 1.14.16.2 | |
| debian | dpkg | 1.14.16.3 | |
| debian | dpkg | 1.14.16.4 | |
| debian | dpkg | 1.14.16.5 | |
| debian | dpkg | 1.14.16.6 | |
| debian | dpkg | 1.14.17 | |
| debian | dpkg | 1.14.18 | |
| debian | dpkg | 1.14.19 | |
| debian | dpkg | 1.14.20 | |
| debian | dpkg | 1.14.21 | |
| debian | dpkg | 1.14.22 | |
| debian | dpkg | 1.14.23 | |
| debian | dpkg | 1.14.24 | |
| debian | dpkg | 1.14.25 | |
| debian | dpkg | 1.15.0 | |
| debian | dpkg | 1.15.1 | |
| debian | dpkg | 1.15.2 | |
| debian | dpkg | 1.15.3 | |
| debian | dpkg | 1.15.3.1 | |
| debian | dpkg | 1.15.4 | |
| debian | dpkg | 1.15.4.1 | |
| debian | dpkg | 1.15.5 | |
| debian | dpkg | 1.15.5.1 | |
| debian | dpkg | 1.15.5.2 | |
| debian | dpkg | 1.15.5.3 | |
| debian | dpkg | 1.15.5.4 | |
| debian | dpkg | 1.15.5.5 | |
| debian | dpkg | 1.15.5.6 | |
| debian | dpkg | 1.15.6 | |
| debian | dpkg | 1.15.6.1 | |
| debian | dpkg | 1.15.7 | |
| debian | dpkg | 1.15.7.1 | |
| debian | dpkg | 1.15.7.2 | |
| debian | dpkg | 1.15.8 | |
| debian | dpkg | 1.15.8.1 | |
| debian | dpkg | 1.15.8.2 | |
| debian | dpkg | 1.15.8.3 | |
| debian | dpkg | 1.15.8.4 | |
| debian | dpkg | 1.15.8.5 | |
| debian | dpkg | 1.15.8.6 | |
| debian | dpkg | 1.15.8.7 | |
| debian | dpkg | 1.15.8.8 | |
| debian | dpkg | 1.15.8.9 | |
| debian | dpkg | 1.15.8.10 | |
| debian | dpkg | 1.16.0 | |
| debian | dpkg | 1.16.0.1 | |
| debian | dpkg | 1.16.0.2 | |
| debian | dpkg | 1.16.0.3 | |
| debian | dpkg | 1.16.1 | |
| debian | dpkg | 1.16.1.1 | |
| debian | dpkg | 1.16.1.2 | |
| debian | dpkg | 1.16.2 | |
| debian | dpkg | 1.16.3 | |
| debian | dpkg | 1.16.4 | |
| debian | dpkg | 1.16.4.1 | |
| debian | dpkg | 1.16.4.2 | |
| debian | dpkg | 1.16.4.3 | |
| debian | dpkg | 1.16.5 | |
| debian | dpkg | 1.16.6 | |
| debian | dpkg | 1.16.7 | |
| debian | dpkg | 1.16.8 | |
| debian | dpkg | 1.16.9 | |
| debian | dpkg | 1.16.10 | |
| debian | dpkg | 1.17.0 | |
| debian | dpkg | 1.17.1 | |
| debian | dpkg | 1.17.2 | |
| debian | dpkg | 1.17.3 | |
| debian | dpkg | 1.17.4 | |
| debian | dpkg | 1.17.5 | |
| debian | dpkg | 1.17.6 | |
| debian | dpkg | 1.17.7 | |
| debian | dpkg | 1.17.8 | |
| debian | dpkg | 1.17.9 | |
| debian | dpkg | 1.17.10 | |
| debian | dpkg | 1.17.11 | |
| debian | dpkg | 1.17.12 | |
| debian | dpkg | 1.17.13 | |
| debian | dpkg | 1.17.14 | |
| debian | dpkg | 1.17.15 | |
| debian | dpkg | 1.17.16 | |
| debian | dpkg | 1.17.17 | |
| debian | dpkg | 1.17.18 | |
| debian | dpkg | 1.17.19 | |
| debian | dpkg | 1.17.20 | |
| debian | dpkg | 1.17.21 | |
| debian | dpkg | 1.17.22 | |
| debian | dpkg | 1.17.23 | |
| debian | dpkg | 1.18.0 | |
| debian | dpkg | 1.18.1 | |
| debian | dpkg | 1.18.2 | |
| debian | dpkg | 1.18.3 | |
| debian | dpkg | 1.18.4 | |
| debian | dpkg | 1.18.5 | |
| debian | dpkg | 1.18.6 | |
| debian | dpkg | 1.18.7 | |
| debian | dpkg | 1.18.8 | |
| debian | dpkg | 1.18.9 | |
| debian | dpkg | 1.18.10 | |
| debian | dpkg | 1.18.11 | |
| debian | dpkg | 1.18.12 | |
| debian | dpkg | 1.18.13 | |
| debian | dpkg | 1.18.14 | |
| debian | dpkg | 1.18.15 | |
| debian | dpkg | 1.18.16 | |
| debian | dpkg | 1.18.17 | |
| debian | dpkg | 1.18.18 | |
| debian | dpkg | 1.18.19 | |
| debian | dpkg | 1.18.20 | |
| debian | dpkg | 1.18.21 | |
| debian | dpkg | 1.18.22 | |
| debian | dpkg | 1.18.23 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:debian:dpkg:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CE11BC65-A189-4C41-8FC0-E61DAC0BC912",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "68DC4D18-98DE-4070-A464-ADE5A2915F5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7044A915-723A-49C4-ACED-677F5D242443",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2697BDD6-7532-40A8-854B-92DA1D872A66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "324215DB-D8E0-4290-B7BB-349AC53AEAAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "56A86A15-A67B-4790-A758-E36676F4C727",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4C1B8B87-F93A-4D14-9FE0-FA7DC4D19075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A937129A-2A40-4F7B-B736-07F5ACE9E4D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "EA31C830-8DB8-44FB-A4C3-A4EF7433DED1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "68236014-79C9-499E-9CFD-EB7904AB221A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "68A7BEC4-AAF5-4F05-BC76-A4F4E07EEDC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "138E37BD-3ABA-40E8-9E07-A532C5C50EF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "181FA945-F628-48A8-8D6B-C5F96781D963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "69EC8CFD-776B-4D9C-A8A3-7703CAB8013A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "F81DC4D1-0152-4978-8D88-7ED93880BA88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B7EBAB5E-9DF2-4A5E-9949-67532BAA5ED4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F0642122-603B-45FA-8810-0CD731C10F74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C2ABE396-C0C0-4313-B24C-F4F6C6F89670",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "04EBEA93-015A-4D84-9F79-DDCD235B20FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B5C3B2B6-63AB-464A-BE1E-124FE06EE6EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A761620C-2D70-4A6F-9155-D041632D5E86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "100C956D-67F8-4C5F-98AC-6F541E86793E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "099A34A5-1278-43B1-852E-4BD7EAB10A8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D26A8E94-C4CD-4FBD-8ECD-9625988AC8D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6CD99470-344B-4D1C-AF50-A32443855759",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.4.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "0DA71EE5-C358-4F87-B360-1D840AFF7BAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.4.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "1A0967EE-F3F9-4FD9-88EC-2D4EED35331A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.4.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "868D8CB7-4487-4D74-A853-5D4932ECD929",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.4.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "99E02286-E1D4-4BD6-BEEC-0974F9ACBAF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.4.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "88B3A1FD-5891-4DDB-9146-8C86054576AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.4.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "13987CAD-5EB3-4CAE-ABD8-20F69D2679B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.4.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE17C2D-4766-491C-8A5E-1BEFD4FC25D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.4.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "FE35F47B-5462-487B-B03C-02B0D34155B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.4.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "5F98EC0C-9AD2-423C-A291-6E259BF04D22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.4.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "AAFDBAD0-62A5-4EB6-A108-94E19B79C018",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.4.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "48338A48-6473-40E8-9A00-68928AE51879",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.4.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "EB5F2DE5-06D0-444F-9E36-4FF092903661",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.4.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "777625A3-EFF9-40D8-B7B2-F6CF6E6FE5BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.4.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "529BB8C9-ECB8-45F0-A23D-68F85E9A27E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.4.0.23.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F12C1D56-8207-47FF-8435-8400FB20850A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.4.0.23.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B36EDD80-B829-4702-BECB-B4BA962B6C6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.4.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "35662456-5125-4440-BD90-25E83B1651F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.4.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "161CA3A5-D104-4C36-8B85-A89A068AAF21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.4.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "A462F063-2035-4F94-B011-40D59CFCC75E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.4.0.26.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "958F0B43-45B3-43FD-B409-73B35D91CFF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.4.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "70CD70A2-6BB5-45E9-B9B4-49E58C8A352E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.4.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "B50B78E7-4A34-4F70-8D7C-8C1927D14AB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.4.0.29:*:*:*:*:*:*:*",
"matchCriteriaId": "73CD5315-03F3-4015-9332-57DB0444EEC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.4.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "AC915218-392A-475C-9BFA-801C1570FD96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.4.0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "2CE984DA-F633-4F9B-8D2A-922B37CA0FAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0CAE05C0-AB65-41B4-A2ED-DAD871FC41D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3FC8CFDB-1463-486D-9EC8-5587E88330DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A6AE6599-8498-4C4E-BA5E-D2F9544B9DE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C2D99C20-B149-4565-9EC5-3967EDBB3F4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.4.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "11194B64-27CD-42EC-9AA3-98FA8CF4BB50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.4.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8451829D-9F66-4AF0-8CB8-16E8DF84C563",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.4.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "32AA8CEF-9923-43FE-A02C-A8E69F30BC6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.4.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "337585EE-9077-4372-AAA8-614E36A3E0AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.4.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DCFC93C5-A026-4FA7-8959-1D09F2D96BEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.4.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "91024A66-9F52-4287-910C-B0389D36414F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.4.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "0DC869D5-48AF-4720-BD94-B2EF02F09897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.4.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8B78931C-2A76-4912-8C54-FB2C63A5ADA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.4.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "5CD0F5D2-D941-40EC-B5D9-421A31456962",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.4.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "BB2DEBDF-8C8E-4930-B840-0B88F4AD225A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.4.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "3F196354-0D0A-4747-9BB0-05A60461B588",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.4.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "829A54D4-323E-4A55-9764-A0D27F83EDE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.4.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "5D74CDF5-FF8F-4F2A-8F7B-E37002C14B6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.4.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "4112289F-89FD-422E-B512-2EDC6A2C4209",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.4.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "B488FAE8-3810-44A3-A40F-C5D67FB5E4A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.4.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "FFAD4103-0212-4B5C-9ABE-FA3BCA78B0A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D98E7AB6-C833-4A4D-82F8-BE64DFD975B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1533A379-1905-49E4-B920-8DC0D4232418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D33318FE-17A8-4631-B4A2-D810D4A7D185",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "51CFC592-35CA-47CF-8FA4-E1B5CDCFE7FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D9C6CA47-2E53-4329-AF72-A16A389A5C29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6208F6F5-C2E7-4CA1-8F8B-092E926520C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8B07AE2C-E0C7-4FDA-B8E6-29A3A1F2B4FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "80FB6751-80FB-43F1-90BD-7E2BAA65A34B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2CCC88E4-5CF3-427B-9A3D-ADC903FCF490",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EA442560-01D1-44C5-828A-64E2607DB958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D9195F43-E46B-44BE-9F5C-8EC80E566D3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7C32C965-770A-4B24-A2F4-6AC80CE02375",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "C2B74618-8C89-4D0D-8E41-C4E2CB4FB24B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.6.12.99:*:*:*:*:*:*:*",
"matchCriteriaId": "2C5C39F9-5EA2-4DFB-A9EE-55CED73D01BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.6.13:*:*:*:*:*:*:*",
"matchCriteriaId": "2444778F-500F-44CB-8173-3B17E49128E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3321CE7C-9944-402C-AD82-36256995F7B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7CAE63D0-EAAC-47DF-B683-D60B3668E810",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4A4A761C-7ED6-4FB8-9B9B-FFC1C5FB1C96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D7C88010-BE41-4666-8BF1-E9DE3FA118DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A84094BA-DEF2-4918-B761-CA944C4F484E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "322254FF-7E4B-4265-B21B-015E62FA791B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3E39F6F5-ABE2-4F40-94BA-62FB458F55BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7919A700-73F9-4502-99C9-4A6A1E9FC6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C6B733D-FAAE-490E-8C00-A8816A96FD69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C105425C-62F9-4F70-803F-E74D7209DE33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3BE886D-9100-4CE0-AA31-68D3203740C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0490C3F9-1DF6-423E-93A8-5F51E2639637",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D016FED-8F0B-4104-9CCC-48CD4563F787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6E931BD2-852E-4CD1-8C26-957EE1DB9BB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.9.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1A89C655-FDB6-4F69-8ACE-FA076A61E048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "37D54B2A-8250-412C-B164-090C90A6444C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.9.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0CB05EF4-B0B1-4C92-B09F-1B9911A2F10E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.9.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6871FD79-6B00-4015-8EB1-728CA5623DE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.9.11:*:*:*:*:*:*:*",
"matchCriteriaId": "64A74291-78A4-43C5-B284-B38A22AD5870",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.9.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F521CAF4-792C-4B16-BC22-21E82D583EA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.9.13:*:*:*:*:*:*:*",
"matchCriteriaId": "9A5B856A-F05B-4175-A6E4-40A97B4ADE3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.9.14:*:*:*:*:*:*:*",
"matchCriteriaId": "9AF00B7B-839C-4728-A3C2-44177C0CFB0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.9.15:*:*:*:*:*:*:*",
"matchCriteriaId": "3E925582-F14E-4EE1-9952-2B448C22E069",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.9.16:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA55BD3-8CB9-4193-97F3-52DDD7516F0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.9.17:*:*:*:*:*:*:*",
"matchCriteriaId": "5B3ABA00-605D-4F4B-B5B2-D474C76C257C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.9.18:*:*:*:*:*:*:*",
"matchCriteriaId": "14DD7FEA-4855-462F-B293-61B637F26420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.9.19:*:*:*:*:*:*:*",
"matchCriteriaId": "C682EF47-BF0A-4B48-A1D1-A55A9ECA7F33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.9.20:*:*:*:*:*:*:*",
"matchCriteriaId": "717F6453-69FA-426C-9346-CD7BEDE9C60B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.9.21:*:*:*:*:*:*:*",
"matchCriteriaId": "C3122762-BEF0-4988-BED9-4D8592C24CEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6D9E2515-E79D-4237-97E9-D5BA35A5F4F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A9562A87-9464-4203-8360-58E9A7E495FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4989628B-306C-4E03-A64E-718C4FF2778F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5CB0B1D3-632D-442B-8B83-92591CD80A33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3DFADCC1-6162-482F-971A-04041715E562",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "52270405-2AC2-41B7-B07A-42763993D587",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5C4C5026-D1BD-490A-9C3B-526BDBD9F2BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F63A530D-1DB8-4AB4-A62D-BB73BDA6A96B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.8:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE83D2A-D1F7-460F-AFFA-45D635D23B78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA52B75-0BE4-4647-A02E-6C01FF15DD0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7306A247-0AAE-43E7-A9E0-CE224A1B239B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8347AB5F-5194-4B96-A8E7-9EE51B82C8E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A48A99CC-0F6E-49F4-99C5-8647A66A5B41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.13:*:*:*:*:*:*:*",
"matchCriteriaId": "C844AC14-2ECA-45AB-B9A1-44CF626143BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.14:*:*:*:*:*:*:*",
"matchCriteriaId": "466B21B4-DF59-4B55-8778-BD674A137F9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.15:*:*:*:*:*:*:*",
"matchCriteriaId": "6C69AA54-AC53-4A10-8ED4-C426F4C37305",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.16:*:*:*:*:*:*:*",
"matchCriteriaId": "DC00A088-B0AC-4CCD-8EAE-31D4DB6372B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.17:*:*:*:*:*:*:*",
"matchCriteriaId": "D4C34F7E-91AD-4009-A86B-E3C42533C67D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.18:*:*:*:*:*:*:*",
"matchCriteriaId": "840FA75D-5AFC-4011-AA2C-A851763A8E86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4DDF073B-7437-4700-A5BD-B47CF1163302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.19:*:*:*:*:*:*:*",
"matchCriteriaId": "03D44007-FEEB-4A1E-BBEA-A8F9337ABE6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.20:*:*:*:*:*:*:*",
"matchCriteriaId": "756ED650-7FBF-47D5-800D-B7CDCE98DB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.21:*:*:*:*:*:*:*",
"matchCriteriaId": "F4047BBD-BC04-4CB1-A499-D2B8D3FE6B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.22:*:*:*:*:*:*:*",
"matchCriteriaId": "72E88290-55F4-4177-85F1-7ACBADEB6D6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.23:*:*:*:*:*:*:*",
"matchCriteriaId": "17561362-F579-4C4A-B706-E7BFD4B4D005",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.24:*:*:*:*:*:*:*",
"matchCriteriaId": "C2C3A554-49D3-4AA0-AF85-A503288EDA7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.25:*:*:*:*:*:*:*",
"matchCriteriaId": "DABD98F8-3512-4F83-BEA8-29787378990B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.26:*:*:*:*:*:*:*",
"matchCriteriaId": "33AE89EC-30B6-4B2C-BB7D-105C7BA31673",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.27:*:*:*:*:*:*:*",
"matchCriteriaId": "675635B9-B25D-4A6A-B990-F3347D76AF56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.28:*:*:*:*:*:*:*",
"matchCriteriaId": "D5591746-1BF7-41C2-8078-0CA13BA4FDE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9EDAF7A-A7EF-4FA2-AB0F-1B617311F6CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F6B0569-44FC-420E-BAF5-08149463D994",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ECE641CD-FD8B-4B09-A738-46795F9CB9AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FAE98EF7-E1D0-460D-971D-F460494BB271",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4B55AEF9-3375-4E2D-9A5C-BC88626A4977",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C9734B69-76A9-43A9-96F5-7551DFE691E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "38087DB8-ABB3-49F8-98B8-1C36BC588D59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.7:*:*:*:*:*:*:*",
"matchCriteriaId": "48585882-3F63-4CBE-9C82-8E33F52F86C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.8:*:*:*:*:*:*:*",
"matchCriteriaId": "EA224D00-B0BE-4CCC-A221-9BE93AE5F453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.9:*:*:*:*:*:*:*",
"matchCriteriaId": "87362BEE-E7B5-4390-9226-6C97F4C82E5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.10:*:*:*:*:*:*:*",
"matchCriteriaId": "588BCD31-3824-40F9-8BE2-C63F6A40E970",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.11:*:*:*:*:*:*:*",
"matchCriteriaId": "583BE1D2-6A50-4477-AD01-EA471B339F7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0D64BC1C-4281-46E8-B6DD-20D09EB5DC59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E8252FED-9D03-4224-ABB2-6E86E1278ECA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.13:*:*:*:*:*:*:*",
"matchCriteriaId": "7D013303-0BEA-44AE-A395-343EF27D207E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.14:*:*:*:*:*:*:*",
"matchCriteriaId": "45FF0360-F1FE-4C59-829E-544D9CCE6673",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.15:*:*:*:*:*:*:*",
"matchCriteriaId": "18BE27E1-F670-41B8-A5C5-4C28C94D3826",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.16:*:*:*:*:*:*:*",
"matchCriteriaId": "3BAEB637-6349-4452-B619-7080843E1A39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.17:*:*:*:*:*:*:*",
"matchCriteriaId": "698F4BA9-A8AD-4487-8989-5E41D80A162B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.18:*:*:*:*:*:*:*",
"matchCriteriaId": "1B458153-71BE-4EDF-950D-055D9A3D1E10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.19:*:*:*:*:*:*:*",
"matchCriteriaId": "9A4DC29D-F36D-4B02-BDA8-F0316948BBD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.20:*:*:*:*:*:*:*",
"matchCriteriaId": "4D46650E-EDE7-48B0-841D-CC0D45B92FD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.21:*:*:*:*:*:*:*",
"matchCriteriaId": "3D9D843A-4EA7-4B6D-BA62-A8C1C300F47A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.22:*:*:*:*:*:*:*",
"matchCriteriaId": "5635A041-FBFB-411B-95F4-1A11248D4FE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.23:*:*:*:*:*:*:*",
"matchCriteriaId": "090CD311-7B97-4E69-B2CA-6ED9FCBEDFDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.24:*:*:*:*:*:*:*",
"matchCriteriaId": "C9C17AEE-408E-4D57-B5A8-027FEC9AD144",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.25:*:*:*:*:*:*:*",
"matchCriteriaId": "0431871F-39C5-4707-BE53-FAC9E9882170",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "838E9A96-BA10-4A4A-AA41-EC025CCD07E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "94EAFE0A-0A9D-4F9D-BB7F-F4C10797F463",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4AB4FDA2-5729-4964-B48F-01DBC26DAEA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1D08D336-460B-4153-B747-B1F116065DE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D68401F3-1AF2-4FB5-916E-F40FB6E0DD1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.5:*:*:*:*:*:*:*",
"matchCriteriaId": "56DC7349-C57C-47EB-BE92-3BE4719A32F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.6:*:*:*:*:*:*:*",
"matchCriteriaId": "ED090E5E-772F-44B5-86F6-D2388D431055",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.7:*:*:*:*:*:*:*",
"matchCriteriaId": "526B3511-D083-4153-9DB8-6B8C62426876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.8:*:*:*:*:*:*:*",
"matchCriteriaId": "BB46B910-10AC-4B06-AC90-5E281AFF445E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FC3A73DC-EE37-41DF-A939-4631A3D1F401",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.10:*:*:*:*:*:*:*",
"matchCriteriaId": "95E37212-1BC4-44F5-AFEE-BF706FF9F771",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.11:*:*:*:*:*:*:*",
"matchCriteriaId": "467A1EF6-2E3C-4786-82BD-687EB44B5541",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A8096535-AF94-44E3-8266-006FDB84092B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.13:*:*:*:*:*:*:*",
"matchCriteriaId": "C0F65E09-7A40-45E2-BEB1-E11B694E7957",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.14:*:*:*:*:*:*:*",
"matchCriteriaId": "50FFCFA9-67A9-4502-AD48-2A1CFB6D12D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.15:*:*:*:*:*:*:*",
"matchCriteriaId": "C610809C-7C63-427B-9910-F6F0090B34A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.16:*:*:*:*:*:*:*",
"matchCriteriaId": "FA5A449F-B9B6-41DB-91B6-E75ABADFB835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D6848180-B565-4DC0-87AB-84DF4BF51F93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3070BF5-18C4-4ECD-8795-C569254F4E79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.16.3:*:*:*:*:*:*:*",
"matchCriteriaId": "355873B5-FEB9-4FAB-BE8B-8D56C9990F0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.16.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D0355952-8254-477D-BE82-37ED064F5A4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.16.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C0AA3EC2-4936-4F29-8885-377906DA346C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.16.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FB4503AF-3941-4318-AAE9-38EF578361EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.17:*:*:*:*:*:*:*",
"matchCriteriaId": "958C20C5-3502-417B-8AF4-3E7E43919672",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.18:*:*:*:*:*:*:*",
"matchCriteriaId": "0F9F52F6-DCF1-466E-8F28-77061513DEDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.19:*:*:*:*:*:*:*",
"matchCriteriaId": "126BF92A-9767-4A6C-985B-DB6C99E090B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.20:*:*:*:*:*:*:*",
"matchCriteriaId": "69991FEF-82C9-4760-8623-B1A47348DD75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.21:*:*:*:*:*:*:*",
"matchCriteriaId": "DF95E1AA-1A05-4F97-8AAA-C815EE3994BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.22:*:*:*:*:*:*:*",
"matchCriteriaId": "6D6200AF-7734-422C-9059-652A4530EFE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.23:*:*:*:*:*:*:*",
"matchCriteriaId": "F5073553-FB4D-4BF1-B3BA-B5CC2B3F45E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.24:*:*:*:*:*:*:*",
"matchCriteriaId": "D26FA5D0-F06B-414F-9F65-D5821365DA18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.25:*:*:*:*:*:*:*",
"matchCriteriaId": "A61614F0-B814-4367-A12B-22806A65E8A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D266110F-6EDD-4570-8B5C-BB6A620D7510",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5489857D-D325-41D1-991C-1664EB63CF2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EF34E4C1-9160-4052-951A-D08835024AC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "30E46BF1-5BC3-429B-9A16-2F95620A8FE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B7B3327F-8A47-4D13-A48A-3157B6318F9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "90246AB1-F0C4-432B-AA2D-A644084C0C74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "44EAC604-FF3B-470A-9413-EBAC32DC1322",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.5:*:*:*:*:*:*:*",
"matchCriteriaId": "84E9FBA6-6418-448F-800E-970C9D08877F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "98521A64-4E54-472F-AC7C-73005551CEA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "421D9F1E-EF92-47E3-98D6-8C824862F7A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D85C04B-FC70-41BD-8994-B7C1AF6048BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CAFD7DD4-555B-4757-B459-01B9D915A9B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F2C7B906-87E1-44F3-AF35-5BFEF574F180",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0984921F-8EAB-4740-B2CC-4269C4CF6C93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F48CB557-229E-4BA5-84C6-DBEA06552D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5F27F9EA-226F-450F-A181-F100E49A90B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.7:*:*:*:*:*:*:*",
"matchCriteriaId": "ED9E199F-1994-4C5C-B8DB-D6002FD95AE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "419D7AA6-745E-4254-9743-6AC136DB1893",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1F3BE1-30BA-4780-9924-D5B0E4F50EAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8:*:*:*:*:*:*:*",
"matchCriteriaId": "3BFBE00A-3FB7-4D10-807C-67CA59B91044",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2E486ABD-DD1D-43A9-9783-894694E0F14C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "87DEA4E0-8BF1-4558-88F3-D3F3D8161287",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1405C137-D923-436C-A006-F232961BAB24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CD929336-FAFB-480C-8CD1-3264C3BE529B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9F2B117A-2746-458B-AB77-37EB40646482",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DD8A1B4A-59D3-4D0F-80CC-7D8F94B5699E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A12559EE-7FAC-4C21-99CC-D076E98CA137",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "07B7B48B-B915-43D7-9AE4-EA1322925EDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B7AE1019-67C2-4334-83DC-75754C997079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "B4AC0E03-C115-4B5C-9D1B-CD86B749B8C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "60B76474-A71E-4BEA-880B-88A8F0E9E79D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5918D066-8950-44D5-9F14-72C499F9F40A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "623BF341-D9EC-43DF-BA62-D45FDC1FE4E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D6692AB-7927-4D4B-8E11-EA9B7B93836C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B6EE875E-DEC4-443C-8921-B4658CA2B2C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4BDD2CFE-61E4-436E-9D49-7F1977904EB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "12DB535B-9C12-4B13-8B6E-AB4EEC1CFF9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6675F9A6-FA20-4AF7-B57F-85595103AA61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3322B7E4-D815-40B6-836A-2D070F9D0528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A67143CC-3137-49B3-955C-43C405DB847B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B1CA956E-51BC-428E-9730-31797A34BE3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3AFC055D-9B64-428C-9D85-CFC2F27EB906",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "00E6E62F-B11F-4060-8AAF-A9FA73749422",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0B05CB56-6994-4F75-8015-03F554CD7D78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B5CF35EC-CCBF-4096-BCAF-98A15DE6D78C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.7:*:*:*:*:*:*:*",
"matchCriteriaId": "42C819CC-48E9-4E85-A564-456A27481852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9D7B2152-3086-4094-8AE2-6E1AF9D35BF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EF5B9CC6-C288-4E8C-AC99-D4717DBE63FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.10:*:*:*:*:*:*:*",
"matchCriteriaId": "65CD971C-EB83-4456-A368-F57B9391599A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D18D2B08-C8DD-475D-8E7D-F39E8C24723B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BA424995-B5E0-4C8A-862B-5290506DF94E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43F974E2-41AF-42B2-8EE7-02724FD37673",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EFD1F763-34E3-4B39-9184-6CCCD75733A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1C8ADF13-CEF9-400B-BACA-F64AFDEEED7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2B2595A0-024B-4C82-8626-9471A3FB96D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E81B04E7-FBA1-45D3-B458-3B57DF331796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.7:*:*:*:*:*:*:*",
"matchCriteriaId": "934A9FC7-1B44-4A70-83B6-21783C5BB9BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A66344A0-A556-4E72-9954-CBC0FF9B900F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.9:*:*:*:*:*:*:*",
"matchCriteriaId": "82E72C4D-373A-4E74-A038-AD79EA0845D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.10:*:*:*:*:*:*:*",
"matchCriteriaId": "13D89B07-FB9C-4D88-91A1-431FB91605DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.11:*:*:*:*:*:*:*",
"matchCriteriaId": "067D13A0-0DBA-4749-9E5C-428338758C49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.12:*:*:*:*:*:*:*",
"matchCriteriaId": "955DA593-FD4C-4BC8-8B64-CA193892C1CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.13:*:*:*:*:*:*:*",
"matchCriteriaId": "6E35346F-2FCD-42D3-ADE2-D25DCBF11D86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.14:*:*:*:*:*:*:*",
"matchCriteriaId": "681BF89B-6501-4992-A953-578908C68ECC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.15:*:*:*:*:*:*:*",
"matchCriteriaId": "3E9DD402-ADC7-4000-A6C8-D62DA2BD8A22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.16:*:*:*:*:*:*:*",
"matchCriteriaId": "E26692A1-6DE7-4295-99BD-EFF9B0C20162",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.17:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B65F0D-1708-4B73-B9C3-033E8150348D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.18:*:*:*:*:*:*:*",
"matchCriteriaId": "A257BEDB-0148-4EE6-B7EA-0DE39752F897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.19:*:*:*:*:*:*:*",
"matchCriteriaId": "1A046309-41A1-420C-ABF3-090AD11C9EBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.20:*:*:*:*:*:*:*",
"matchCriteriaId": "198C70C8-EB31-4E54-A690-727518FBCD6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.21:*:*:*:*:*:*:*",
"matchCriteriaId": "130E8C0F-0649-4F32-921F-A51EEA4981DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.22:*:*:*:*:*:*:*",
"matchCriteriaId": "8FF133CE-B3D1-48C2-8AC1-938E70820CF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.23:*:*:*:*:*:*:*",
"matchCriteriaId": "13C6ED10-12DC-4896-9B8A-E05BAB5B5DEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A70450EA-AACD-465A-A69B-0F08EE3BC872",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "18A59D8B-0F6F-4DD1-B7C4-DE78328CA860",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.18.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1E1C9E9F-7A94-4CBE-AE40-59B2ED00D33C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.18.3:*:*:*:*:*:*:*",
"matchCriteriaId": "205EDA2E-9169-4FD3-91D0-D951AD7C46D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.18.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BABA3373-F329-4B25-B0A4-E90F6BB9C9A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.18.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C013DEB2-D37A-4AF6-B7C7-9D86A86B67AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.18.6:*:*:*:*:*:*:*",
"matchCriteriaId": "54B7D843-E7A3-4DC7-BA1B-2DE736EECACE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.18.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A9F9F980-1824-46D1-894E-7DE85F79E0C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.18.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E8D4CF19-06AB-4D3A-A359-E09DC79EA4BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.18.9:*:*:*:*:*:*:*",
"matchCriteriaId": "10E61A26-5ABC-4A8F-B6F0-2445180C3B0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.18.10:*:*:*:*:*:*:*",
"matchCriteriaId": "066D3291-A27E-4153-9EA2-7A003B228B29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.18.11:*:*:*:*:*:*:*",
"matchCriteriaId": "745F3B54-C363-4D95-8384-1DD3398BDC30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.18.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1177CE36-95A5-4B66-9B62-82785A8B3032",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.18.13:*:*:*:*:*:*:*",
"matchCriteriaId": "F11DA2F2-9021-458A-92D6-C283B17F713F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.18.14:*:*:*:*:*:*:*",
"matchCriteriaId": "8CA01874-AD45-4C43-9F7B-4CA493910489",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.18.15:*:*:*:*:*:*:*",
"matchCriteriaId": "ADC924C0-EE2E-4C5A-BB30-F13365F3A11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.18.16:*:*:*:*:*:*:*",
"matchCriteriaId": "43E0AEA0-AE21-478F-BA93-6072E7088370",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.18.17:*:*:*:*:*:*:*",
"matchCriteriaId": "87F0DDDD-2D1F-4552-BF03-03E2918CFC87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.18.18:*:*:*:*:*:*:*",
"matchCriteriaId": "6C63D07C-9D18-4738-BD60-882D500A02EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.18.19:*:*:*:*:*:*:*",
"matchCriteriaId": "5BF34992-59E9-45BE-BB39-688E47497A78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.18.20:*:*:*:*:*:*:*",
"matchCriteriaId": "4E25F1ED-B563-4031-8A22-18F03BD3294B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.18.21:*:*:*:*:*:*:*",
"matchCriteriaId": "6B1377A9-57F5-4334-BAE6-0B45A1423AAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.18.22:*:*:*:*:*:*:*",
"matchCriteriaId": "FB03C737-C7E9-45F1-81A0-16CCE49C12B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.18.23:*:*:*:*:*:*:*",
"matchCriteriaId": "23475849-52AE-4030-B627-8D1B48CA893E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD."
},
{
"lang": "es",
"value": "Dpkg-source en dpkg en las versiones comprendidas entre la 1.3.0 y la 1.18.23 es capaz de usar un programa de parches non-GNU que no ofrece un mecanismo de protecci\u00f3n para diff hunks identadas en blanco, lo que permite a atacantes remotos realizar ataques de salto de directorio a trav\u00e9s de un paquete fuente Debian, como se demuestra mediante el uso de dpkg-source en NetBSD."
}
],
"id": "CVE-2017-8283",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-26T05:59:00.213",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/04/20/2"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98064"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/04/20/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98064"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-06-08 18:30
Modified
2025-04-11 00:51
Severity ?
Summary
dpkg 1.9.21 does not properly reset the metadata of a file during replacement of the file in a package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid file, (2) setgid file, or (3) device, a related issue to CVE-2010-2059.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.jammed.com/ISN/2003/12/0056.html | Exploit | |
| cve@mitre.org | http://www.hackinglinuxexposed.com/articles/20031214.html | Exploit | |
| cve@mitre.org | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=225692 | ||
| cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=598775 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/59428 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.jammed.com/ISN/2003/12/0056.html | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.hackinglinuxexposed.com/articles/20031214.html | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=225692 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=598775 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/59428 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:debian:dpkg:1.9.21:*:*:*:*:*:*:*",
"matchCriteriaId": "C3122762-BEF0-4988-BED9-4D8592C24CEC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "dpkg 1.9.21 does not properly reset the metadata of a file during replacement of the file in a package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid file, (2) setgid file, or (3) device, a related issue to CVE-2010-2059."
},
{
"lang": "es",
"value": "dpkg v1.9.21 no resetea adecuadamente el metadato de un fichero durante el reemplazamiento del fichero en una paquete de actualizaci\u00f3n, lo que puede permitir a usuarios locales obtener privelgeios crando un enlace fuerte en un fichero vulnerable (1) setuid, (2) fiechero setgid, o (3) device, un tema relacionado con CVE-2010-2059."
}
],
"id": "CVE-2004-2768",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-06-08T18:30:07.740",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://lists.jammed.com/ISN/2003/12/0056.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.hackinglinuxexposed.com/articles/20031214.html"
},
{
"source": "cve@mitre.org",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=225692"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=598775"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59428"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://lists.jammed.com/ISN/2003/12/0056.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.hackinglinuxexposed.com/articles/20031214.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=225692"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=598775"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59428"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-07-01 17:15
Modified
2025-08-19 17:50
Severity ?
Summary
It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is
documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on
adversarial .deb packages or with well compressible files, placed
inside a directory with permissions not allowing removal by a non-root
user, this can end up in a DoS scenario due to causing disk quota
exhaustion or disk full conditions.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:debian:dpkg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24061A68-C495-4078-B508-1DBA8EA823CC",
"versionEndExcluding": "1.22.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is\ndocumented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on\nadversarial .deb packages or with well compressible files, placed\ninside a directory with permissions not allowing removal by a non-root\nuser, this can end up in a DoS scenario due to causing disk quota\nexhaustion or disk full conditions."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que dpkg-deb no depura correctamente los permisos de directorio al extraer un miembro de control a un directorio temporal, lo cual se documenta como una operaci\u00f3n segura incluso con datos no confiables. Esto puede resultar en la p\u00e9rdida de archivos temporales durante la depuraci\u00f3n. Si se ejecutan comandos dpkg-deb de forma automatizada y repetida en paquetes .deb adversarios o con archivos bien comprimibles, ubicados dentro de un directorio con permisos que impiden la eliminaci\u00f3n por parte de un usuario no root, esto puede provocar un ataque de denegaci\u00f3n de servicio (DoS) al causar el agotamiento de la cuota de disco o la saturaci\u00f3n del disco."
}
],
"id": "CVE-2025-6297",
"lastModified": "2025-08-19T17:50:38.047",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-07-01T17:15:30.177",
"references": [
{
"source": "security@debian.org",
"tags": [
"Patch"
],
"url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=ed6bbd445dd8800308c67236ba35d08004c98e82"
}
],
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
},
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-05-30 18:55
Modified
2025-04-12 10:46
Severity ?
Summary
dpkg 1.15.9, 1.16.x before 1.16.14, and 1.17.x before 1.17.9 expect the patch program to be compliant with a need for the "C-style encoded filenames" feature, but is supported in environments with noncompliant patch programs, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this vulnerability exists because of reliance on unrealistic constraints on the behavior of an external program.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://openwall.com/lists/oss-security/2014/04/29/4 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2014/05/29/16 | ||
| cve@mitre.org | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2014/04/29/4 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2014/05/29/16 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| debian | dpkg | 1.15.9 | |
| debian | dpkg | 1.16.0 | |
| debian | dpkg | 1.16.0.1 | |
| debian | dpkg | 1.16.0.2 | |
| debian | dpkg | 1.16.0.3 | |
| debian | dpkg | 1.16.1 | |
| debian | dpkg | 1.16.1.1 | |
| debian | dpkg | 1.16.1.2 | |
| debian | dpkg | 1.16.2 | |
| debian | dpkg | 1.16.3 | |
| debian | dpkg | 1.16.4 | |
| debian | dpkg | 1.16.4.1 | |
| debian | dpkg | 1.16.4.2 | |
| debian | dpkg | 1.16.4.3 | |
| debian | dpkg | 1.16.5 | |
| debian | dpkg | 1.16.6 | |
| debian | dpkg | 1.16.7 | |
| debian | dpkg | 1.16.8 | |
| debian | dpkg | 1.16.9 | |
| debian | dpkg | 1.16.10 | |
| debian | dpkg | 1.16.11 | |
| debian | dpkg | 1.16.12 | |
| debian | dpkg | 1.17.0 | |
| debian | dpkg | 1.17.1 | |
| debian | dpkg | 1.17.2 | |
| debian | dpkg | 1.17.3 | |
| debian | dpkg | 1.17.4 | |
| debian | dpkg | 1.17.5 | |
| debian | dpkg | 1.17.6 | |
| debian | dpkg | 1.17.7 | |
| debian | dpkg | 1.17.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.9:*:*:*:*:*:*:*",
"matchCriteriaId": "35ECCA17-BB6A-4DDA-8F26-C84628B95A3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "60B76474-A71E-4BEA-880B-88A8F0E9E79D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5918D066-8950-44D5-9F14-72C499F9F40A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "623BF341-D9EC-43DF-BA62-D45FDC1FE4E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D6692AB-7927-4D4B-8E11-EA9B7B93836C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B6EE875E-DEC4-443C-8921-B4658CA2B2C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4BDD2CFE-61E4-436E-9D49-7F1977904EB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "12DB535B-9C12-4B13-8B6E-AB4EEC1CFF9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6675F9A6-FA20-4AF7-B57F-85595103AA61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3322B7E4-D815-40B6-836A-2D070F9D0528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A67143CC-3137-49B3-955C-43C405DB847B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B1CA956E-51BC-428E-9730-31797A34BE3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3AFC055D-9B64-428C-9D85-CFC2F27EB906",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "00E6E62F-B11F-4060-8AAF-A9FA73749422",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0B05CB56-6994-4F75-8015-03F554CD7D78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B5CF35EC-CCBF-4096-BCAF-98A15DE6D78C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.7:*:*:*:*:*:*:*",
"matchCriteriaId": "42C819CC-48E9-4E85-A564-456A27481852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9D7B2152-3086-4094-8AE2-6E1AF9D35BF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EF5B9CC6-C288-4E8C-AC99-D4717DBE63FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.10:*:*:*:*:*:*:*",
"matchCriteriaId": "65CD971C-EB83-4456-A368-F57B9391599A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.11:*:*:*:*:*:*:*",
"matchCriteriaId": "B8CA877A-533B-4B60-A90B-8A958FCA2DF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B71A62D9-8013-4528-8EB0-75C18435AE24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D18D2B08-C8DD-475D-8E7D-F39E8C24723B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BA424995-B5E0-4C8A-862B-5290506DF94E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43F974E2-41AF-42B2-8EE7-02724FD37673",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EFD1F763-34E3-4B39-9184-6CCCD75733A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1C8ADF13-CEF9-400B-BACA-F64AFDEEED7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2B2595A0-024B-4C82-8626-9471A3FB96D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E81B04E7-FBA1-45D3-B458-3B57DF331796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.7:*:*:*:*:*:*:*",
"matchCriteriaId": "934A9FC7-1B44-4A70-83B6-21783C5BB9BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A66344A0-A556-4E72-9954-CBC0FF9B900F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "dpkg 1.15.9, 1.16.x before 1.16.14, and 1.17.x before 1.17.9 expect the patch program to be compliant with a need for the \"C-style encoded filenames\" feature, but is supported in environments with noncompliant patch programs, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this vulnerability exists because of reliance on unrealistic constraints on the behavior of an external program."
},
{
"lang": "es",
"value": "dpkg 1.15.9, 1.16.x anterior a 1.16.14 y 1.17.x anterior a 1.17.9 esperan que el programa de parche conforme con una necesidad para la funcionalidad \u0027nombres de archivos codificados C-style\u0027, pero est\u00e1 soportado en entornos con programas de parche no conformes, lo que provoca un error de interacci\u00f3n que permite a atacantes remotos realizar ataques de salto de directorio y modificar archivos fuera de los directorios intencionados a trav\u00e9s de un paquete de fuente manipulado. NOTA: esta vulnerabilidad existe debido a dependencia en restricciones no realistas sobre el comportamiento de un programa externo."
}
],
"id": "CVE-2014-3227",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-05-30T18:55:05.960",
"references": [
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2014/04/29/4"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2014/05/29/16"
},
{
"source": "cve@mitre.org",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2014/04/29/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2014/05/29/16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-01-11 03:00
Modified
2025-04-11 00:51
Severity ?
Summary
Directory traversal vulnerability in dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via directory traversal sequences in a patch for a source-format 3.0 package.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053306.html | ||
| cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053311.html | ||
| cve@mitre.org | http://osvdb.org/70368 | ||
| cve@mitre.org | http://secunia.com/advisories/42826 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/42831 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/43054 | ||
| cve@mitre.org | http://www.debian.org/security/2011/dsa-2142 | Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/45703 | ||
| cve@mitre.org | http://www.ubuntu.com/usn/USN-1038-1 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2011/0040 | Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2011/0044 | Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2011/0196 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/64615 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053306.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053311.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/70368 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/42826 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/42831 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/43054 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2011/dsa-2142 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/45703 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-1038-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0040 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0044 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0196 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/64615 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| debian | dpkg | * | |
| debian | dpkg | 1.9.19 | |
| debian | dpkg | 1.9.20 | |
| debian | dpkg | 1.9.21 | |
| debian | dpkg | 1.10 | |
| debian | dpkg | 1.10.1 | |
| debian | dpkg | 1.10.2 | |
| debian | dpkg | 1.10.3 | |
| debian | dpkg | 1.10.4 | |
| debian | dpkg | 1.10.5 | |
| debian | dpkg | 1.10.6 | |
| debian | dpkg | 1.10.7 | |
| debian | dpkg | 1.10.8 | |
| debian | dpkg | 1.10.9 | |
| debian | dpkg | 1.10.10 | |
| debian | dpkg | 1.10.11 | |
| debian | dpkg | 1.10.12 | |
| debian | dpkg | 1.10.13 | |
| debian | dpkg | 1.10.14 | |
| debian | dpkg | 1.10.15 | |
| debian | dpkg | 1.10.16 | |
| debian | dpkg | 1.10.17 | |
| debian | dpkg | 1.10.18 | |
| debian | dpkg | 1.10.18.1 | |
| debian | dpkg | 1.10.19 | |
| debian | dpkg | 1.10.20 | |
| debian | dpkg | 1.10.21 | |
| debian | dpkg | 1.10.22 | |
| debian | dpkg | 1.10.23 | |
| debian | dpkg | 1.10.24 | |
| debian | dpkg | 1.10.25 | |
| debian | dpkg | 1.10.26 | |
| debian | dpkg | 1.10.27 | |
| debian | dpkg | 1.10.28 | |
| debian | dpkg | 1.13.0 | |
| debian | dpkg | 1.13.1 | |
| debian | dpkg | 1.13.2 | |
| debian | dpkg | 1.13.3 | |
| debian | dpkg | 1.13.4 | |
| debian | dpkg | 1.13.5 | |
| debian | dpkg | 1.13.6 | |
| debian | dpkg | 1.13.7 | |
| debian | dpkg | 1.13.8 | |
| debian | dpkg | 1.13.9 | |
| debian | dpkg | 1.13.10 | |
| debian | dpkg | 1.13.11 | |
| debian | dpkg | 1.13.11.1 | |
| debian | dpkg | 1.13.12 | |
| debian | dpkg | 1.13.13 | |
| debian | dpkg | 1.13.14 | |
| debian | dpkg | 1.13.15 | |
| debian | dpkg | 1.13.16 | |
| debian | dpkg | 1.13.17 | |
| debian | dpkg | 1.13.18 | |
| debian | dpkg | 1.13.19 | |
| debian | dpkg | 1.13.20 | |
| debian | dpkg | 1.13.21 | |
| debian | dpkg | 1.13.22 | |
| debian | dpkg | 1.13.23 | |
| debian | dpkg | 1.13.24 | |
| debian | dpkg | 1.13.25 | |
| debian | dpkg | 1.14.0 | |
| debian | dpkg | 1.14.1 | |
| debian | dpkg | 1.14.2 | |
| debian | dpkg | 1.14.3 | |
| debian | dpkg | 1.14.4 | |
| debian | dpkg | 1.14.5 | |
| debian | dpkg | 1.14.6 | |
| debian | dpkg | 1.14.7 | |
| debian | dpkg | 1.14.8 | |
| debian | dpkg | 1.14.9 | |
| debian | dpkg | 1.14.10 | |
| debian | dpkg | 1.14.11 | |
| debian | dpkg | 1.14.12 | |
| debian | dpkg | 1.14.13 | |
| debian | dpkg | 1.14.14 | |
| debian | dpkg | 1.14.15 | |
| debian | dpkg | 1.14.16 | |
| debian | dpkg | 1.14.16.1 | |
| debian | dpkg | 1.14.16.2 | |
| debian | dpkg | 1.14.16.3 | |
| debian | dpkg | 1.14.16.4 | |
| debian | dpkg | 1.14.16.5 | |
| debian | dpkg | 1.14.16.6 | |
| debian | dpkg | 1.14.17 | |
| debian | dpkg | 1.14.18 | |
| debian | dpkg | 1.14.19 | |
| debian | dpkg | 1.14.20 | |
| debian | dpkg | 1.14.21 | |
| debian | dpkg | 1.14.22 | |
| debian | dpkg | 1.14.23 | |
| debian | dpkg | 1.14.24 | |
| debian | dpkg | 1.14.25 | |
| debian | dpkg | 1.14.26 | |
| debian | dpkg | 1.14.27 | |
| debian | dpkg | 1.14.28 | |
| debian | dpkg | 1.14.29 | |
| debian | dpkg | 1.15.0 | |
| debian | dpkg | 1.15.1 | |
| debian | dpkg | 1.15.2 | |
| debian | dpkg | 1.15.3 | |
| debian | dpkg | 1.15.3.1 | |
| debian | dpkg | 1.15.4 | |
| debian | dpkg | 1.15.4.1 | |
| debian | dpkg | 1.15.5 | |
| debian | dpkg | 1.15.5.1 | |
| debian | dpkg | 1.15.5.2 | |
| debian | dpkg | 1.15.5.3 | |
| debian | dpkg | 1.15.5.4 | |
| debian | dpkg | 1.15.5.5 | |
| debian | dpkg | 1.15.5.6 | |
| debian | dpkg | 1.15.6 | |
| debian | dpkg | 1.15.6.1 | |
| debian | dpkg | 1.15.7 | |
| debian | dpkg | 1.15.7.1 | |
| debian | dpkg | 1.15.7.2 | |
| debian | dpkg | 1.15.8 | |
| debian | dpkg | 1.15.8.1 | |
| debian | dpkg | 1.15.8.2 | |
| debian | dpkg | 1.15.8.3 | |
| debian | dpkg | 1.15.8.4 | |
| debian | dpkg | 1.15.8.5 | |
| debian | dpkg | 1.15.8.6 | |
| debian | dpkg | 1.15.8.7 | |
| debian | dpkg | 1.15.8.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:debian:dpkg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8532266-01AA-414B-A29B-8219855F1E34",
"versionEndIncluding": "1.14.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.9.19:*:*:*:*:*:*:*",
"matchCriteriaId": "C682EF47-BF0A-4B48-A1D1-A55A9ECA7F33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.9.20:*:*:*:*:*:*:*",
"matchCriteriaId": "717F6453-69FA-426C-9346-CD7BEDE9C60B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.9.21:*:*:*:*:*:*:*",
"matchCriteriaId": "C3122762-BEF0-4988-BED9-4D8592C24CEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6D9E2515-E79D-4237-97E9-D5BA35A5F4F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A9562A87-9464-4203-8360-58E9A7E495FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4989628B-306C-4E03-A64E-718C4FF2778F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5CB0B1D3-632D-442B-8B83-92591CD80A33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3DFADCC1-6162-482F-971A-04041715E562",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "52270405-2AC2-41B7-B07A-42763993D587",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5C4C5026-D1BD-490A-9C3B-526BDBD9F2BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F63A530D-1DB8-4AB4-A62D-BB73BDA6A96B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.8:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE83D2A-D1F7-460F-AFFA-45D635D23B78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA52B75-0BE4-4647-A02E-6C01FF15DD0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7306A247-0AAE-43E7-A9E0-CE224A1B239B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8347AB5F-5194-4B96-A8E7-9EE51B82C8E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A48A99CC-0F6E-49F4-99C5-8647A66A5B41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.13:*:*:*:*:*:*:*",
"matchCriteriaId": "C844AC14-2ECA-45AB-B9A1-44CF626143BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.14:*:*:*:*:*:*:*",
"matchCriteriaId": "466B21B4-DF59-4B55-8778-BD674A137F9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.15:*:*:*:*:*:*:*",
"matchCriteriaId": "6C69AA54-AC53-4A10-8ED4-C426F4C37305",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.16:*:*:*:*:*:*:*",
"matchCriteriaId": "DC00A088-B0AC-4CCD-8EAE-31D4DB6372B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.17:*:*:*:*:*:*:*",
"matchCriteriaId": "D4C34F7E-91AD-4009-A86B-E3C42533C67D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.18:*:*:*:*:*:*:*",
"matchCriteriaId": "840FA75D-5AFC-4011-AA2C-A851763A8E86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4DDF073B-7437-4700-A5BD-B47CF1163302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.19:*:*:*:*:*:*:*",
"matchCriteriaId": "03D44007-FEEB-4A1E-BBEA-A8F9337ABE6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.20:*:*:*:*:*:*:*",
"matchCriteriaId": "756ED650-7FBF-47D5-800D-B7CDCE98DB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.21:*:*:*:*:*:*:*",
"matchCriteriaId": "F4047BBD-BC04-4CB1-A499-D2B8D3FE6B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.22:*:*:*:*:*:*:*",
"matchCriteriaId": "72E88290-55F4-4177-85F1-7ACBADEB6D6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.23:*:*:*:*:*:*:*",
"matchCriteriaId": "17561362-F579-4C4A-B706-E7BFD4B4D005",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.24:*:*:*:*:*:*:*",
"matchCriteriaId": "C2C3A554-49D3-4AA0-AF85-A503288EDA7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.25:*:*:*:*:*:*:*",
"matchCriteriaId": "DABD98F8-3512-4F83-BEA8-29787378990B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.26:*:*:*:*:*:*:*",
"matchCriteriaId": "33AE89EC-30B6-4B2C-BB7D-105C7BA31673",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.27:*:*:*:*:*:*:*",
"matchCriteriaId": "675635B9-B25D-4A6A-B990-F3347D76AF56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.10.28:*:*:*:*:*:*:*",
"matchCriteriaId": "D5591746-1BF7-41C2-8078-0CA13BA4FDE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9EDAF7A-A7EF-4FA2-AB0F-1B617311F6CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F6B0569-44FC-420E-BAF5-08149463D994",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ECE641CD-FD8B-4B09-A738-46795F9CB9AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FAE98EF7-E1D0-460D-971D-F460494BB271",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4B55AEF9-3375-4E2D-9A5C-BC88626A4977",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C9734B69-76A9-43A9-96F5-7551DFE691E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "38087DB8-ABB3-49F8-98B8-1C36BC588D59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.7:*:*:*:*:*:*:*",
"matchCriteriaId": "48585882-3F63-4CBE-9C82-8E33F52F86C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.8:*:*:*:*:*:*:*",
"matchCriteriaId": "EA224D00-B0BE-4CCC-A221-9BE93AE5F453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.9:*:*:*:*:*:*:*",
"matchCriteriaId": "87362BEE-E7B5-4390-9226-6C97F4C82E5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.10:*:*:*:*:*:*:*",
"matchCriteriaId": "588BCD31-3824-40F9-8BE2-C63F6A40E970",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.11:*:*:*:*:*:*:*",
"matchCriteriaId": "583BE1D2-6A50-4477-AD01-EA471B339F7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0D64BC1C-4281-46E8-B6DD-20D09EB5DC59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E8252FED-9D03-4224-ABB2-6E86E1278ECA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.13:*:*:*:*:*:*:*",
"matchCriteriaId": "7D013303-0BEA-44AE-A395-343EF27D207E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.14:*:*:*:*:*:*:*",
"matchCriteriaId": "45FF0360-F1FE-4C59-829E-544D9CCE6673",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.15:*:*:*:*:*:*:*",
"matchCriteriaId": "18BE27E1-F670-41B8-A5C5-4C28C94D3826",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.16:*:*:*:*:*:*:*",
"matchCriteriaId": "3BAEB637-6349-4452-B619-7080843E1A39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.17:*:*:*:*:*:*:*",
"matchCriteriaId": "698F4BA9-A8AD-4487-8989-5E41D80A162B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.18:*:*:*:*:*:*:*",
"matchCriteriaId": "1B458153-71BE-4EDF-950D-055D9A3D1E10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.19:*:*:*:*:*:*:*",
"matchCriteriaId": "9A4DC29D-F36D-4B02-BDA8-F0316948BBD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.20:*:*:*:*:*:*:*",
"matchCriteriaId": "4D46650E-EDE7-48B0-841D-CC0D45B92FD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.21:*:*:*:*:*:*:*",
"matchCriteriaId": "3D9D843A-4EA7-4B6D-BA62-A8C1C300F47A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.22:*:*:*:*:*:*:*",
"matchCriteriaId": "5635A041-FBFB-411B-95F4-1A11248D4FE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.23:*:*:*:*:*:*:*",
"matchCriteriaId": "090CD311-7B97-4E69-B2CA-6ED9FCBEDFDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.24:*:*:*:*:*:*:*",
"matchCriteriaId": "C9C17AEE-408E-4D57-B5A8-027FEC9AD144",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.13.25:*:*:*:*:*:*:*",
"matchCriteriaId": "0431871F-39C5-4707-BE53-FAC9E9882170",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "838E9A96-BA10-4A4A-AA41-EC025CCD07E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "94EAFE0A-0A9D-4F9D-BB7F-F4C10797F463",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4AB4FDA2-5729-4964-B48F-01DBC26DAEA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1D08D336-460B-4153-B747-B1F116065DE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D68401F3-1AF2-4FB5-916E-F40FB6E0DD1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.5:*:*:*:*:*:*:*",
"matchCriteriaId": "56DC7349-C57C-47EB-BE92-3BE4719A32F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.6:*:*:*:*:*:*:*",
"matchCriteriaId": "ED090E5E-772F-44B5-86F6-D2388D431055",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.7:*:*:*:*:*:*:*",
"matchCriteriaId": "526B3511-D083-4153-9DB8-6B8C62426876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.8:*:*:*:*:*:*:*",
"matchCriteriaId": "BB46B910-10AC-4B06-AC90-5E281AFF445E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FC3A73DC-EE37-41DF-A939-4631A3D1F401",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.10:*:*:*:*:*:*:*",
"matchCriteriaId": "95E37212-1BC4-44F5-AFEE-BF706FF9F771",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.11:*:*:*:*:*:*:*",
"matchCriteriaId": "467A1EF6-2E3C-4786-82BD-687EB44B5541",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A8096535-AF94-44E3-8266-006FDB84092B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.13:*:*:*:*:*:*:*",
"matchCriteriaId": "C0F65E09-7A40-45E2-BEB1-E11B694E7957",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.14:*:*:*:*:*:*:*",
"matchCriteriaId": "50FFCFA9-67A9-4502-AD48-2A1CFB6D12D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.15:*:*:*:*:*:*:*",
"matchCriteriaId": "C610809C-7C63-427B-9910-F6F0090B34A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.16:*:*:*:*:*:*:*",
"matchCriteriaId": "FA5A449F-B9B6-41DB-91B6-E75ABADFB835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D6848180-B565-4DC0-87AB-84DF4BF51F93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3070BF5-18C4-4ECD-8795-C569254F4E79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.16.3:*:*:*:*:*:*:*",
"matchCriteriaId": "355873B5-FEB9-4FAB-BE8B-8D56C9990F0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.16.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D0355952-8254-477D-BE82-37ED064F5A4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.16.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C0AA3EC2-4936-4F29-8885-377906DA346C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.16.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FB4503AF-3941-4318-AAE9-38EF578361EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.17:*:*:*:*:*:*:*",
"matchCriteriaId": "958C20C5-3502-417B-8AF4-3E7E43919672",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.18:*:*:*:*:*:*:*",
"matchCriteriaId": "0F9F52F6-DCF1-466E-8F28-77061513DEDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.19:*:*:*:*:*:*:*",
"matchCriteriaId": "126BF92A-9767-4A6C-985B-DB6C99E090B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.20:*:*:*:*:*:*:*",
"matchCriteriaId": "69991FEF-82C9-4760-8623-B1A47348DD75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.21:*:*:*:*:*:*:*",
"matchCriteriaId": "DF95E1AA-1A05-4F97-8AAA-C815EE3994BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.22:*:*:*:*:*:*:*",
"matchCriteriaId": "6D6200AF-7734-422C-9059-652A4530EFE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.23:*:*:*:*:*:*:*",
"matchCriteriaId": "F5073553-FB4D-4BF1-B3BA-B5CC2B3F45E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.24:*:*:*:*:*:*:*",
"matchCriteriaId": "D26FA5D0-F06B-414F-9F65-D5821365DA18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.25:*:*:*:*:*:*:*",
"matchCriteriaId": "A61614F0-B814-4367-A12B-22806A65E8A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.26:*:*:*:*:*:*:*",
"matchCriteriaId": "0970B646-A060-452C-9473-28A87603DA9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.27:*:*:*:*:*:*:*",
"matchCriteriaId": "093DF5AF-8AEA-48DF-B8AF-2357B7C5C4DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.28:*:*:*:*:*:*:*",
"matchCriteriaId": "C3AF0ABA-6A1A-474F-95FB-E155209EDB00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.14.29:*:*:*:*:*:*:*",
"matchCriteriaId": "2BEB1D72-CC33-4C68-810E-C10DFF83504B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D266110F-6EDD-4570-8B5C-BB6A620D7510",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5489857D-D325-41D1-991C-1664EB63CF2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EF34E4C1-9160-4052-951A-D08835024AC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "30E46BF1-5BC3-429B-9A16-2F95620A8FE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B7B3327F-8A47-4D13-A48A-3157B6318F9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "90246AB1-F0C4-432B-AA2D-A644084C0C74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "44EAC604-FF3B-470A-9413-EBAC32DC1322",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.5:*:*:*:*:*:*:*",
"matchCriteriaId": "84E9FBA6-6418-448F-800E-970C9D08877F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "98521A64-4E54-472F-AC7C-73005551CEA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "421D9F1E-EF92-47E3-98D6-8C824862F7A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D85C04B-FC70-41BD-8994-B7C1AF6048BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CAFD7DD4-555B-4757-B459-01B9D915A9B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F2C7B906-87E1-44F3-AF35-5BFEF574F180",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0984921F-8EAB-4740-B2CC-4269C4CF6C93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F48CB557-229E-4BA5-84C6-DBEA06552D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5F27F9EA-226F-450F-A181-F100E49A90B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.7:*:*:*:*:*:*:*",
"matchCriteriaId": "ED9E199F-1994-4C5C-B8DB-D6002FD95AE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "419D7AA6-745E-4254-9743-6AC136DB1893",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1F3BE1-30BA-4780-9924-D5B0E4F50EAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8:*:*:*:*:*:*:*",
"matchCriteriaId": "3BFBE00A-3FB7-4D10-807C-67CA59B91044",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2E486ABD-DD1D-43A9-9783-894694E0F14C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "87DEA4E0-8BF1-4558-88F3-D3F3D8161287",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1405C137-D923-436C-A006-F232961BAB24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CD929336-FAFB-480C-8CD1-3264C3BE529B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9F2B117A-2746-458B-AB77-37EB40646482",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DD8A1B4A-59D3-4D0F-80CC-7D8F94B5699E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A12559EE-7FAC-4C21-99CC-D076E98CA137",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "07B7B48B-B915-43D7-9AE4-EA1322925EDE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via directory traversal sequences in a patch for a source-format 3.0 package."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en dpkg-source en dpkg anterior a v1.14.31 y v1.15.x, permite a atacantes remotos asistidos por el usuario modificar archivos de su elecci\u00f3n a trav\u00e9s de secuencias de salto de directorio en un parche para un paquete en formato fuente 3.0."
}
],
"id": "CVE-2010-1679",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-01-11T03:00:01.750",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053306.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053311.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/70368"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42826"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42831"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/43054"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2011/dsa-2142"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/45703"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-1038-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0040"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0044"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2011/0196"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64615"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053306.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053311.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/70368"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42826"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42831"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/43054"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2011/dsa-2142"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/45703"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1038-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0044"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0196"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64615"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}