Debian dpkg 1.17.22

CPE Details

Debian dpkg 1.17.22
debian
dpkg
1.17.22
2015-04-14
10h44 +00:00
2023-02-27
18h31 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:debian:dpkg:1.17.22:*:*:*:*:*:*:*

Informations

Vendor

debian

Product

dpkg

Version

1.17.22

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-1664 2022-05-26 08h20 +00:00 Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs.
9.8
Critical
CVE-2017-8283 2017-04-26 03h28 +00:00 dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD.
9.8
Critical
CVE-2015-0860 2015-12-03 19h00 +00:00 Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which triggers a stack-based buffer overflow.
7.5
CVE-2015-0840 2015-04-13 12h00 +00:00 The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc).
4.3