Search criteria

39 vulnerabilities found for dpkg by Debian

FKIE_CVE-2025-6297

Vulnerability from fkie_nvd - Published: 2025-07-01 17:15 - Updated: 2025-08-19 17:50
Severity ?
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Summary
It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions.
References
security@debian.orghttps://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=ed6bbd445dd8800308c67236ba35d08004c98e82Patch
Impacted products
Vendor Product Version
debian dpkg *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:debian:dpkg:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "24061A68-C495-4078-B508-1DBA8EA823CC",
              "versionEndExcluding": "1.22.21",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is\ndocumented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on\nadversarial .deb packages or with well compressible files, placed\ninside a directory with permissions not allowing removal by a non-root\nuser, this can end up in a DoS scenario due to causing disk quota\nexhaustion or disk full conditions."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 que dpkg-deb no depura correctamente los permisos de directorio al extraer un miembro de control a un directorio temporal, lo cual se documenta como una operaci\u00f3n segura incluso con datos no confiables. Esto puede resultar en la p\u00e9rdida de archivos temporales durante la depuraci\u00f3n. Si se ejecutan comandos dpkg-deb de forma automatizada y repetida en paquetes .deb adversarios o con archivos bien comprimibles, ubicados dentro de un directorio con permisos que impiden la eliminaci\u00f3n por parte de un usuario no root, esto puede provocar un ataque de denegaci\u00f3n de servicio (DoS) al causar el agotamiento de la cuota de disco o la saturaci\u00f3n del disco."
    }
  ],
  "id": "CVE-2025-6297",
  "lastModified": "2025-08-19T17:50:38.047",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.2,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-07-01T17:15:30.177",
  "references": [
    {
      "source": "security@debian.org",
      "tags": [
        "Patch"
      ],
      "url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=ed6bbd445dd8800308c67236ba35d08004c98e82"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        },
        {
          "lang": "en",
          "value": "CWE-732"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2022-1664

Vulnerability from fkie_nvd - Published: 2022-05-26 14:15 - Updated: 2024-11-21 06:41
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs.
References
security@debian.orghttps://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=1f23dddc17f69c9598477098c7fb9936e15fa495Mailing List, Patch, Vendor Advisory
security@debian.orghttps://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=58814cacee39c4ce9e2cd0e3a3b9b57ad437eff5Mailing List, Patch, Vendor Advisory
security@debian.orghttps://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=7a6c03cb34d4a09f35df2f10779cbf1b70a5200bMailing List, Patch, Vendor Advisory
security@debian.orghttps://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=faa4c92debe45412bfcf8a44f26e827800bb24beMailing List, Patch, Vendor Advisory
security@debian.orghttps://lists.debian.org/debian-lts-announce/2022/05/msg00033.htmlMailing List, Vendor Advisory
security@debian.orghttps://lists.debian.org/debian-security-announce/2022/msg00115.htmlMailing List, Vendor Advisory
security@debian.orghttps://security.netapp.com/advisory/ntap-20221007-0002/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=1f23dddc17f69c9598477098c7fb9936e15fa495Mailing List, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=58814cacee39c4ce9e2cd0e3a3b9b57ad437eff5Mailing List, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=7a6c03cb34d4a09f35df2f10779cbf1b70a5200bMailing List, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=faa4c92debe45412bfcf8a44f26e827800bb24beMailing List, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2022/05/msg00033.htmlMailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-security-announce/2022/msg00115.htmlMailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20221007-0002/Third Party Advisory
Impacted products
Vendor Product Version
debian dpkg *
debian dpkg *
debian dpkg *
debian dpkg *
debian debian_linux 9.0
debian debian_linux 10.0
debian debian_linux 11.0
netapp ontap_select_deploy_administration_utility -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:debian:dpkg:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9046EF14-F981-4DC1-9158-55BA8C7BEE98",
              "versionEndExcluding": "1.18.26",
              "versionStartIncluding": "1.14.17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7C0D9DB-F9DD-49B3-B62D-A25E034FB370",
              "versionEndExcluding": "1.19.8",
              "versionStartIncluding": "1.19.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F03A306C-0A44-4954-AE36-F24AF7F45470",
              "versionEndExcluding": "1.20.10",
              "versionStartIncluding": "1.20.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "639EB115-366E-4B3F-83A0-909C406FC009",
              "versionEndExcluding": "1.21.8",
              "versionStartIncluding": "1.21.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n Dpkg::Source::Archive en dpkg, el sistema de administraci\u00f3n de paquetes de Debian, versiones anteriores a 1.21.8, 1.20.10, 1.19.8, 1.18.26, es propenso a una vulnerabilidad de salto de directorio. Cuando son extra\u00eddos paquetes fuente no confiables en formatos de paquetes fuente v2 y v3 que incluyen un debian.tar, la extracci\u00f3n en el lugar puede conllevar a situaciones de salto de directorio en los tarballs orig.tar y debian.tar especialmente dise\u00f1ados"
    }
  ],
  "id": "CVE-2022-1664",
  "lastModified": "2024-11-21T06:41:12.497",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-05-26T14:15:08.010",
  "references": [
    {
      "source": "security@debian.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=1f23dddc17f69c9598477098c7fb9936e15fa495"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=58814cacee39c4ce9e2cd0e3a3b9b57ad437eff5"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=7a6c03cb34d4a09f35df2f10779cbf1b70a5200b"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=faa4c92debe45412bfcf8a44f26e827800bb24be"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00033.html"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.debian.org/debian-security-announce/2022/msg00115.html"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20221007-0002/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=1f23dddc17f69c9598477098c7fb9936e15fa495"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=58814cacee39c4ce9e2cd0e3a3b9b57ad437eff5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=7a6c03cb34d4a09f35df2f10779cbf1b70a5200b"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=faa4c92debe45412bfcf8a44f26e827800bb24be"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00033.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.debian.org/debian-security-announce/2022/msg00115.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20221007-0002/"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2017-8283

Vulnerability from fkie_nvd - Published: 2017-04-26 05:59 - Updated: 2025-04-20 01:37
Severity ?
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD.
References
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2017/04/20/2Mailing List, Patch, Third Party Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/98064Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2017/04/20/2Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/98064Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
debian dpkg 1.3.0
debian dpkg 1.3.1
debian dpkg 1.3.2
debian dpkg 1.3.3
debian dpkg 1.3.4
debian dpkg 1.3.5
debian dpkg 1.3.6
debian dpkg 1.3.7
debian dpkg 1.3.8
debian dpkg 1.3.9
debian dpkg 1.3.10
debian dpkg 1.3.11
debian dpkg 1.3.12
debian dpkg 1.3.13
debian dpkg 1.3.14
debian dpkg 1.4.0
debian dpkg 1.4.0.1
debian dpkg 1.4.0.2
debian dpkg 1.4.0.3
debian dpkg 1.4.0.4
debian dpkg 1.4.0.5
debian dpkg 1.4.0.6
debian dpkg 1.4.0.7
debian dpkg 1.4.0.8
debian dpkg 1.4.0.9
debian dpkg 1.4.0.10
debian dpkg 1.4.0.11
debian dpkg 1.4.0.12
debian dpkg 1.4.0.13
debian dpkg 1.4.0.14
debian dpkg 1.4.0.15
debian dpkg 1.4.0.16
debian dpkg 1.4.0.17
debian dpkg 1.4.0.18
debian dpkg 1.4.0.19
debian dpkg 1.4.0.20
debian dpkg 1.4.0.21
debian dpkg 1.4.0.22
debian dpkg 1.4.0.23
debian dpkg 1.4.0.23.1
debian dpkg 1.4.0.23.2
debian dpkg 1.4.0.24
debian dpkg 1.4.0.25
debian dpkg 1.4.0.26
debian dpkg 1.4.0.26.0.1
debian dpkg 1.4.0.27
debian dpkg 1.4.0.28
debian dpkg 1.4.0.29
debian dpkg 1.4.0.30
debian dpkg 1.4.0.31
debian dpkg 1.4.1
debian dpkg 1.4.1.1
debian dpkg 1.4.1.2
debian dpkg 1.4.1.3
debian dpkg 1.4.1.4
debian dpkg 1.4.1.5
debian dpkg 1.4.1.6
debian dpkg 1.4.1.7
debian dpkg 1.4.1.8
debian dpkg 1.4.1.9
debian dpkg 1.4.1.10
debian dpkg 1.4.1.11
debian dpkg 1.4.1.12
debian dpkg 1.4.1.13
debian dpkg 1.4.1.14
debian dpkg 1.4.1.15
debian dpkg 1.4.1.16
debian dpkg 1.4.1.17
debian dpkg 1.4.1.18
debian dpkg 1.4.1.19
debian dpkg 1.6
debian dpkg 1.6.1
debian dpkg 1.6.2
debian dpkg 1.6.3
debian dpkg 1.6.4
debian dpkg 1.6.5
debian dpkg 1.6.6
debian dpkg 1.6.7
debian dpkg 1.6.8
debian dpkg 1.6.9
debian dpkg 1.6.10
debian dpkg 1.6.11
debian dpkg 1.6.12
debian dpkg 1.6.12.99
debian dpkg 1.6.13
debian dpkg 1.7.0
debian dpkg 1.7.1
debian dpkg 1.7.2
debian dpkg 1.8.0
debian dpkg 1.8.1
debian dpkg 1.8.1.1
debian dpkg 1.8.2
debian dpkg 1.8.3
debian dpkg 1.8.3.1
debian dpkg 1.9.0
debian dpkg 1.9.1
debian dpkg 1.9.2
debian dpkg 1.9.3
debian dpkg 1.9.4
debian dpkg 1.9.7
debian dpkg 1.9.8
debian dpkg 1.9.9
debian dpkg 1.9.10
debian dpkg 1.9.11
debian dpkg 1.9.12
debian dpkg 1.9.13
debian dpkg 1.9.14
debian dpkg 1.9.15
debian dpkg 1.9.16
debian dpkg 1.9.17
debian dpkg 1.9.18
debian dpkg 1.9.19
debian dpkg 1.9.20
debian dpkg 1.9.21
debian dpkg 1.10
debian dpkg 1.10.1
debian dpkg 1.10.2
debian dpkg 1.10.3
debian dpkg 1.10.4
debian dpkg 1.10.5
debian dpkg 1.10.6
debian dpkg 1.10.7
debian dpkg 1.10.8
debian dpkg 1.10.9
debian dpkg 1.10.10
debian dpkg 1.10.11
debian dpkg 1.10.12
debian dpkg 1.10.13
debian dpkg 1.10.14
debian dpkg 1.10.15
debian dpkg 1.10.16
debian dpkg 1.10.17
debian dpkg 1.10.18
debian dpkg 1.10.18.1
debian dpkg 1.10.19
debian dpkg 1.10.20
debian dpkg 1.10.21
debian dpkg 1.10.22
debian dpkg 1.10.23
debian dpkg 1.10.24
debian dpkg 1.10.25
debian dpkg 1.10.26
debian dpkg 1.10.27
debian dpkg 1.10.28
debian dpkg 1.13.0
debian dpkg 1.13.1
debian dpkg 1.13.2
debian dpkg 1.13.3
debian dpkg 1.13.4
debian dpkg 1.13.5
debian dpkg 1.13.6
debian dpkg 1.13.7
debian dpkg 1.13.8
debian dpkg 1.13.9
debian dpkg 1.13.10
debian dpkg 1.13.11
debian dpkg 1.13.11.1
debian dpkg 1.13.12
debian dpkg 1.13.13
debian dpkg 1.13.14
debian dpkg 1.13.15
debian dpkg 1.13.16
debian dpkg 1.13.17
debian dpkg 1.13.18
debian dpkg 1.13.19
debian dpkg 1.13.20
debian dpkg 1.13.21
debian dpkg 1.13.22
debian dpkg 1.13.23
debian dpkg 1.13.24
debian dpkg 1.13.25
debian dpkg 1.14.0
debian dpkg 1.14.1
debian dpkg 1.14.2
debian dpkg 1.14.3
debian dpkg 1.14.4
debian dpkg 1.14.5
debian dpkg 1.14.6
debian dpkg 1.14.7
debian dpkg 1.14.8
debian dpkg 1.14.9
debian dpkg 1.14.10
debian dpkg 1.14.11
debian dpkg 1.14.12
debian dpkg 1.14.13
debian dpkg 1.14.14
debian dpkg 1.14.15
debian dpkg 1.14.16
debian dpkg 1.14.16.1
debian dpkg 1.14.16.2
debian dpkg 1.14.16.3
debian dpkg 1.14.16.4
debian dpkg 1.14.16.5
debian dpkg 1.14.16.6
debian dpkg 1.14.17
debian dpkg 1.14.18
debian dpkg 1.14.19
debian dpkg 1.14.20
debian dpkg 1.14.21
debian dpkg 1.14.22
debian dpkg 1.14.23
debian dpkg 1.14.24
debian dpkg 1.14.25
debian dpkg 1.15.0
debian dpkg 1.15.1
debian dpkg 1.15.2
debian dpkg 1.15.3
debian dpkg 1.15.3.1
debian dpkg 1.15.4
debian dpkg 1.15.4.1
debian dpkg 1.15.5
debian dpkg 1.15.5.1
debian dpkg 1.15.5.2
debian dpkg 1.15.5.3
debian dpkg 1.15.5.4
debian dpkg 1.15.5.5
debian dpkg 1.15.5.6
debian dpkg 1.15.6
debian dpkg 1.15.6.1
debian dpkg 1.15.7
debian dpkg 1.15.7.1
debian dpkg 1.15.7.2
debian dpkg 1.15.8
debian dpkg 1.15.8.1
debian dpkg 1.15.8.2
debian dpkg 1.15.8.3
debian dpkg 1.15.8.4
debian dpkg 1.15.8.5
debian dpkg 1.15.8.6
debian dpkg 1.15.8.7
debian dpkg 1.15.8.8
debian dpkg 1.15.8.9
debian dpkg 1.15.8.10
debian dpkg 1.16.0
debian dpkg 1.16.0.1
debian dpkg 1.16.0.2
debian dpkg 1.16.0.3
debian dpkg 1.16.1
debian dpkg 1.16.1.1
debian dpkg 1.16.1.2
debian dpkg 1.16.2
debian dpkg 1.16.3
debian dpkg 1.16.4
debian dpkg 1.16.4.1
debian dpkg 1.16.4.2
debian dpkg 1.16.4.3
debian dpkg 1.16.5
debian dpkg 1.16.6
debian dpkg 1.16.7
debian dpkg 1.16.8
debian dpkg 1.16.9
debian dpkg 1.16.10
debian dpkg 1.17.0
debian dpkg 1.17.1
debian dpkg 1.17.2
debian dpkg 1.17.3
debian dpkg 1.17.4
debian dpkg 1.17.5
debian dpkg 1.17.6
debian dpkg 1.17.7
debian dpkg 1.17.8
debian dpkg 1.17.9
debian dpkg 1.17.10
debian dpkg 1.17.11
debian dpkg 1.17.12
debian dpkg 1.17.13
debian dpkg 1.17.14
debian dpkg 1.17.15
debian dpkg 1.17.16
debian dpkg 1.17.17
debian dpkg 1.17.18
debian dpkg 1.17.19
debian dpkg 1.17.20
debian dpkg 1.17.21
debian dpkg 1.17.22
debian dpkg 1.17.23
debian dpkg 1.18.0
debian dpkg 1.18.1
debian dpkg 1.18.2
debian dpkg 1.18.3
debian dpkg 1.18.4
debian dpkg 1.18.5
debian dpkg 1.18.6
debian dpkg 1.18.7
debian dpkg 1.18.8
debian dpkg 1.18.9
debian dpkg 1.18.10
debian dpkg 1.18.11
debian dpkg 1.18.12
debian dpkg 1.18.13
debian dpkg 1.18.14
debian dpkg 1.18.15
debian dpkg 1.18.16
debian dpkg 1.18.17
debian dpkg 1.18.18
debian dpkg 1.18.19
debian dpkg 1.18.20
debian dpkg 1.18.21
debian dpkg 1.18.22
debian dpkg 1.18.23
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE11BC65-A189-4C41-8FC0-E61DAC0BC912",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "68DC4D18-98DE-4070-A464-ADE5A2915F5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7044A915-723A-49C4-ACED-677F5D242443",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2697BDD6-7532-40A8-854B-92DA1D872A66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "324215DB-D8E0-4290-B7BB-349AC53AEAAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "56A86A15-A67B-4790-A758-E36676F4C727",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C1B8B87-F93A-4D14-9FE0-FA7DC4D19075",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A937129A-2A40-4F7B-B736-07F5ACE9E4D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA31C830-8DB8-44FB-A4C3-A4EF7433DED1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "68236014-79C9-499E-9CFD-EB7904AB221A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "68A7BEC4-AAF5-4F05-BC76-A4F4E07EEDC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "138E37BD-3ABA-40E8-9E07-A532C5C50EF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.3.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "181FA945-F628-48A8-8D6B-C5F96781D963",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.3.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "69EC8CFD-776B-4D9C-A8A3-7703CAB8013A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "F81DC4D1-0152-4978-8D88-7ED93880BA88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7EBAB5E-9DF2-4A5E-9949-67532BAA5ED4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0642122-603B-45FA-8810-0CD731C10F74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2ABE396-C0C0-4313-B24C-F4F6C6F89670",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "04EBEA93-015A-4D84-9F79-DDCD235B20FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5C3B2B6-63AB-464A-BE1E-124FE06EE6EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A761620C-2D70-4A6F-9155-D041632D5E86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "100C956D-67F8-4C5F-98AC-6F541E86793E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "099A34A5-1278-43B1-852E-4BD7EAB10A8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.4.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D26A8E94-C4CD-4FBD-8ECD-9625988AC8D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.4.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CD99470-344B-4D1C-AF50-A32443855759",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.4.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DA71EE5-C358-4F87-B360-1D840AFF7BAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.4.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A0967EE-F3F9-4FD9-88EC-2D4EED35331A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.4.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "868D8CB7-4487-4D74-A853-5D4932ECD929",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.4.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "99E02286-E1D4-4BD6-BEEC-0974F9ACBAF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.4.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "88B3A1FD-5891-4DDB-9146-8C86054576AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.4.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "13987CAD-5EB3-4CAE-ABD8-20F69D2679B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.4.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FE17C2D-4766-491C-8A5E-1BEFD4FC25D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.4.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE35F47B-5462-487B-B03C-02B0D34155B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.4.0.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F98EC0C-9AD2-423C-A291-6E259BF04D22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.4.0.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAFDBAD0-62A5-4EB6-A108-94E19B79C018",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.4.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "48338A48-6473-40E8-9A00-68928AE51879",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.4.0.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB5F2DE5-06D0-444F-9E36-4FF092903661",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.4.0.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "777625A3-EFF9-40D8-B7B2-F6CF6E6FE5BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.4.0.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "529BB8C9-ECB8-45F0-A23D-68F85E9A27E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.4.0.23.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F12C1D56-8207-47FF-8435-8400FB20850A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.4.0.23.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B36EDD80-B829-4702-BECB-B4BA962B6C6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.4.0.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "35662456-5125-4440-BD90-25E83B1651F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.4.0.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "161CA3A5-D104-4C36-8B85-A89A068AAF21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.4.0.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "A462F063-2035-4F94-B011-40D59CFCC75E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.4.0.26.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "958F0B43-45B3-43FD-B409-73B35D91CFF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.4.0.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "70CD70A2-6BB5-45E9-B9B4-49E58C8A352E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.4.0.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "B50B78E7-4A34-4F70-8D7C-8C1927D14AB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.4.0.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "73CD5315-03F3-4015-9332-57DB0444EEC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.4.0.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC915218-392A-475C-9BFA-801C1570FD96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.4.0.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CE984DA-F633-4F9B-8D2A-922B37CA0FAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CAE05C0-AB65-41B4-A2ED-DAD871FC41D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.4.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FC8CFDB-1463-486D-9EC8-5587E88330DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.4.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6AE6599-8498-4C4E-BA5E-D2F9544B9DE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.4.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2D99C20-B149-4565-9EC5-3967EDBB3F4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.4.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "11194B64-27CD-42EC-9AA3-98FA8CF4BB50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.4.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8451829D-9F66-4AF0-8CB8-16E8DF84C563",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.4.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "32AA8CEF-9923-43FE-A02C-A8E69F30BC6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.4.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "337585EE-9077-4372-AAA8-614E36A3E0AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.4.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCFC93C5-A026-4FA7-8959-1D09F2D96BEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.4.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "91024A66-9F52-4287-910C-B0389D36414F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.4.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DC869D5-48AF-4720-BD94-B2EF02F09897",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.4.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B78931C-2A76-4912-8C54-FB2C63A5ADA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.4.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CD0F5D2-D941-40EC-B5D9-421A31456962",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.4.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB2DEBDF-8C8E-4930-B840-0B88F4AD225A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.4.1.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F196354-0D0A-4747-9BB0-05A60461B588",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.4.1.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "829A54D4-323E-4A55-9764-A0D27F83EDE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.4.1.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D74CDF5-FF8F-4F2A-8F7B-E37002C14B6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.4.1.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "4112289F-89FD-422E-B512-2EDC6A2C4209",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.4.1.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "B488FAE8-3810-44A3-A40F-C5D67FB5E4A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.4.1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFAD4103-0212-4B5C-9ABE-FA3BCA78B0A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D98E7AB6-C833-4A4D-82F8-BE64DFD975B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1533A379-1905-49E4-B920-8DC0D4232418",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D33318FE-17A8-4631-B4A2-D810D4A7D185",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "51CFC592-35CA-47CF-8FA4-E1B5CDCFE7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9C6CA47-2E53-4329-AF72-A16A389A5C29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6208F6F5-C2E7-4CA1-8F8B-092E926520C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B07AE2C-E0C7-4FDA-B8E6-29A3A1F2B4FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "80FB6751-80FB-43F1-90BD-7E2BAA65A34B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CCC88E4-5CF3-427B-9A3D-ADC903FCF490",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.6.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA442560-01D1-44C5-828A-64E2607DB958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.6.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9195F43-E46B-44BE-9F5C-8EC80E566D3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.6.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C32C965-770A-4B24-A2F4-6AC80CE02375",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.6.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2B74618-8C89-4D0D-8E41-C4E2CB4FB24B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.6.12.99:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C5C39F9-5EA2-4DFB-A9EE-55CED73D01BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.6.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "2444778F-500F-44CB-8173-3B17E49128E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3321CE7C-9944-402C-AD82-36256995F7B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CAE63D0-EAAC-47DF-B683-D60B3668E810",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A4A761C-7ED6-4FB8-9B9B-FFC1C5FB1C96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7C88010-BE41-4666-8BF1-E9DE3FA118DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A84094BA-DEF2-4918-B761-CA944C4F484E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "322254FF-7E4B-4265-B21B-015E62FA791B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E39F6F5-ABE2-4F40-94BA-62FB458F55BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7919A700-73F9-4502-99C9-4A6A1E9FC6FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.8.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C6B733D-FAAE-490E-8C00-A8816A96FD69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C105425C-62F9-4F70-803F-E74D7209DE33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3BE886D-9100-4CE0-AA31-68D3203740C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0490C3F9-1DF6-423E-93A8-5F51E2639637",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D016FED-8F0B-4104-9CCC-48CD4563F787",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E931BD2-852E-4CD1-8C26-957EE1DB9BB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.9.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A89C655-FDB6-4F69-8ACE-FA076A61E048",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.9.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "37D54B2A-8250-412C-B164-090C90A6444C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.9.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CB05EF4-B0B1-4C92-B09F-1B9911A2F10E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.9.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6871FD79-6B00-4015-8EB1-728CA5623DE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.9.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "64A74291-78A4-43C5-B284-B38A22AD5870",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.9.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "F521CAF4-792C-4B16-BC22-21E82D583EA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.9.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A5B856A-F05B-4175-A6E4-40A97B4ADE3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.9.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AF00B7B-839C-4728-A3C2-44177C0CFB0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.9.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E925582-F14E-4EE1-9952-2B448C22E069",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.9.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BA55BD3-8CB9-4193-97F3-52DDD7516F0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.9.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B3ABA00-605D-4F4B-B5B2-D474C76C257C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.9.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "14DD7FEA-4855-462F-B293-61B637F26420",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.9.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "C682EF47-BF0A-4B48-A1D1-A55A9ECA7F33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.9.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "717F6453-69FA-426C-9346-CD7BEDE9C60B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.9.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3122762-BEF0-4988-BED9-4D8592C24CEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D9E2515-E79D-4237-97E9-D5BA35A5F4F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9562A87-9464-4203-8360-58E9A7E495FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4989628B-306C-4E03-A64E-718C4FF2778F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CB0B1D3-632D-442B-8B83-92591CD80A33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DFADCC1-6162-482F-971A-04041715E562",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "52270405-2AC2-41B7-B07A-42763993D587",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C4C5026-D1BD-490A-9C3B-526BDBD9F2BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F63A530D-1DB8-4AB4-A62D-BB73BDA6A96B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FE83D2A-D1F7-460F-AFFA-45D635D23B78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DA52B75-0BE4-4647-A02E-6C01FF15DD0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "7306A247-0AAE-43E7-A9E0-CE224A1B239B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8347AB5F-5194-4B96-A8E7-9EE51B82C8E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "A48A99CC-0F6E-49F4-99C5-8647A66A5B41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "C844AC14-2ECA-45AB-B9A1-44CF626143BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "466B21B4-DF59-4B55-8778-BD674A137F9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C69AA54-AC53-4A10-8ED4-C426F4C37305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC00A088-B0AC-4CCD-8EAE-31D4DB6372B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4C34F7E-91AD-4009-A86B-E3C42533C67D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "840FA75D-5AFC-4011-AA2C-A851763A8E86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DDF073B-7437-4700-A5BD-B47CF1163302",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "03D44007-FEEB-4A1E-BBEA-A8F9337ABE6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "756ED650-7FBF-47D5-800D-B7CDCE98DB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4047BBD-BC04-4CB1-A499-D2B8D3FE6B56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "72E88290-55F4-4177-85F1-7ACBADEB6D6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "17561362-F579-4C4A-B706-E7BFD4B4D005",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2C3A554-49D3-4AA0-AF85-A503288EDA7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "DABD98F8-3512-4F83-BEA8-29787378990B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "33AE89EC-30B6-4B2C-BB7D-105C7BA31673",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "675635B9-B25D-4A6A-B990-F3347D76AF56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5591746-1BF7-41C2-8078-0CA13BA4FDE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9EDAF7A-A7EF-4FA2-AB0F-1B617311F6CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F6B0569-44FC-420E-BAF5-08149463D994",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECE641CD-FD8B-4B09-A738-46795F9CB9AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAE98EF7-E1D0-460D-971D-F460494BB271",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B55AEF9-3375-4E2D-9A5C-BC88626A4977",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9734B69-76A9-43A9-96F5-7551DFE691E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "38087DB8-ABB3-49F8-98B8-1C36BC588D59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "48585882-3F63-4CBE-9C82-8E33F52F86C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA224D00-B0BE-4CCC-A221-9BE93AE5F453",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "87362BEE-E7B5-4390-9226-6C97F4C82E5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "588BCD31-3824-40F9-8BE2-C63F6A40E970",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "583BE1D2-6A50-4477-AD01-EA471B339F7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D64BC1C-4281-46E8-B6DD-20D09EB5DC59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8252FED-9D03-4224-ABB2-6E86E1278ECA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D013303-0BEA-44AE-A395-343EF27D207E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "45FF0360-F1FE-4C59-829E-544D9CCE6673",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "18BE27E1-F670-41B8-A5C5-4C28C94D3826",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BAEB637-6349-4452-B619-7080843E1A39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "698F4BA9-A8AD-4487-8989-5E41D80A162B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B458153-71BE-4EDF-950D-055D9A3D1E10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A4DC29D-F36D-4B02-BDA8-F0316948BBD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D46650E-EDE7-48B0-841D-CC0D45B92FD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D9D843A-4EA7-4B6D-BA62-A8C1C300F47A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "5635A041-FBFB-411B-95F4-1A11248D4FE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "090CD311-7B97-4E69-B2CA-6ED9FCBEDFDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9C17AEE-408E-4D57-B5A8-027FEC9AD144",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "0431871F-39C5-4707-BE53-FAC9E9882170",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "838E9A96-BA10-4A4A-AA41-EC025CCD07E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "94EAFE0A-0A9D-4F9D-BB7F-F4C10797F463",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AB4FDA2-5729-4964-B48F-01DBC26DAEA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D08D336-460B-4153-B747-B1F116065DE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D68401F3-1AF2-4FB5-916E-F40FB6E0DD1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "56DC7349-C57C-47EB-BE92-3BE4719A32F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED090E5E-772F-44B5-86F6-D2388D431055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "526B3511-D083-4153-9DB8-6B8C62426876",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB46B910-10AC-4B06-AC90-5E281AFF445E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC3A73DC-EE37-41DF-A939-4631A3D1F401",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "95E37212-1BC4-44F5-AFEE-BF706FF9F771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "467A1EF6-2E3C-4786-82BD-687EB44B5541",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8096535-AF94-44E3-8266-006FDB84092B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0F65E09-7A40-45E2-BEB1-E11B694E7957",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "50FFCFA9-67A9-4502-AD48-2A1CFB6D12D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "C610809C-7C63-427B-9910-F6F0090B34A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA5A449F-B9B6-41DB-91B6-E75ABADFB835",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6848180-B565-4DC0-87AB-84DF4BF51F93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3070BF5-18C4-4ECD-8795-C569254F4E79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.16.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "355873B5-FEB9-4FAB-BE8B-8D56C9990F0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.16.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0355952-8254-477D-BE82-37ED064F5A4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.16.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0AA3EC2-4936-4F29-8885-377906DA346C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.16.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB4503AF-3941-4318-AAE9-38EF578361EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "958C20C5-3502-417B-8AF4-3E7E43919672",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F9F52F6-DCF1-466E-8F28-77061513DEDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "126BF92A-9767-4A6C-985B-DB6C99E090B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "69991FEF-82C9-4760-8623-B1A47348DD75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF95E1AA-1A05-4F97-8AAA-C815EE3994BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D6200AF-7734-422C-9059-652A4530EFE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5073553-FB4D-4BF1-B3BA-B5CC2B3F45E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "D26FA5D0-F06B-414F-9F65-D5821365DA18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "A61614F0-B814-4367-A12B-22806A65E8A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D266110F-6EDD-4570-8B5C-BB6A620D7510",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5489857D-D325-41D1-991C-1664EB63CF2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF34E4C1-9160-4052-951A-D08835024AC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "30E46BF1-5BC3-429B-9A16-2F95620A8FE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7B3327F-8A47-4D13-A48A-3157B6318F9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "90246AB1-F0C4-432B-AA2D-A644084C0C74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "44EAC604-FF3B-470A-9413-EBAC32DC1322",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "84E9FBA6-6418-448F-800E-970C9D08877F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "98521A64-4E54-472F-AC7C-73005551CEA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "421D9F1E-EF92-47E3-98D6-8C824862F7A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D85C04B-FC70-41BD-8994-B7C1AF6048BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAFD7DD4-555B-4757-B459-01B9D915A9B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2C7B906-87E1-44F3-AF35-5BFEF574F180",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0984921F-8EAB-4740-B2CC-4269C4CF6C93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F48CB557-229E-4BA5-84C6-DBEA06552D96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F27F9EA-226F-450F-A181-F100E49A90B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED9E199F-1994-4C5C-B8DB-D6002FD95AE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "419D7AA6-745E-4254-9743-6AC136DB1893",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F1F3BE1-30BA-4780-9924-D5B0E4F50EAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BFBE00A-3FB7-4D10-807C-67CA59B91044",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E486ABD-DD1D-43A9-9783-894694E0F14C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "87DEA4E0-8BF1-4558-88F3-D3F3D8161287",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1405C137-D923-436C-A006-F232961BAB24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD929336-FAFB-480C-8CD1-3264C3BE529B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F2B117A-2746-458B-AB77-37EB40646482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD8A1B4A-59D3-4D0F-80CC-7D8F94B5699E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A12559EE-7FAC-4C21-99CC-D076E98CA137",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B7B48B-B915-43D7-9AE4-EA1322925EDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.8.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7AE1019-67C2-4334-83DC-75754C997079",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.8.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4AC0E03-C115-4B5C-9D1B-CD86B749B8C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "60B76474-A71E-4BEA-880B-88A8F0E9E79D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5918D066-8950-44D5-9F14-72C499F9F40A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "623BF341-D9EC-43DF-BA62-D45FDC1FE4E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D6692AB-7927-4D4B-8E11-EA9B7B93836C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6EE875E-DEC4-443C-8921-B4658CA2B2C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BDD2CFE-61E4-436E-9D49-7F1977904EB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "12DB535B-9C12-4B13-8B6E-AB4EEC1CFF9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6675F9A6-FA20-4AF7-B57F-85595103AA61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3322B7E4-D815-40B6-836A-2D070F9D0528",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A67143CC-3137-49B3-955C-43C405DB847B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1CA956E-51BC-428E-9730-31797A34BE3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AFC055D-9B64-428C-9D85-CFC2F27EB906",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "00E6E62F-B11F-4060-8AAF-A9FA73749422",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B05CB56-6994-4F75-8015-03F554CD7D78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5CF35EC-CCBF-4096-BCAF-98A15DE6D78C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "42C819CC-48E9-4E85-A564-456A27481852",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D7B2152-3086-4094-8AE2-6E1AF9D35BF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF5B9CC6-C288-4E8C-AC99-D4717DBE63FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "65CD971C-EB83-4456-A368-F57B9391599A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D18D2B08-C8DD-475D-8E7D-F39E8C24723B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA424995-B5E0-4C8A-862B-5290506DF94E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "43F974E2-41AF-42B2-8EE7-02724FD37673",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFD1F763-34E3-4B39-9184-6CCCD75733A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C8ADF13-CEF9-400B-BACA-F64AFDEEED7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B2595A0-024B-4C82-8626-9471A3FB96D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E81B04E7-FBA1-45D3-B458-3B57DF331796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "934A9FC7-1B44-4A70-83B6-21783C5BB9BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "A66344A0-A556-4E72-9954-CBC0FF9B900F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "82E72C4D-373A-4E74-A038-AD79EA0845D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "13D89B07-FB9C-4D88-91A1-431FB91605DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "067D13A0-0DBA-4749-9E5C-428338758C49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "955DA593-FD4C-4BC8-8B64-CA193892C1CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E35346F-2FCD-42D3-ADE2-D25DCBF11D86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "681BF89B-6501-4992-A953-578908C68ECC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E9DD402-ADC7-4000-A6C8-D62DA2BD8A22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "E26692A1-6DE7-4295-99BD-EFF9B0C20162",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5B65F0D-1708-4B73-B9C3-033E8150348D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "A257BEDB-0148-4EE6-B7EA-0DE39752F897",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A046309-41A1-420C-ABF3-090AD11C9EBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "198C70C8-EB31-4E54-A690-727518FBCD6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "130E8C0F-0649-4F32-921F-A51EEA4981DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FF133CE-B3D1-48C2-8AC1-938E70820CF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "13C6ED10-12DC-4896-9B8A-E05BAB5B5DEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A70450EA-AACD-465A-A69B-0F08EE3BC872",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "18A59D8B-0F6F-4DD1-B7C4-DE78328CA860",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.18.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E1C9E9F-7A94-4CBE-AE40-59B2ED00D33C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.18.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "205EDA2E-9169-4FD3-91D0-D951AD7C46D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.18.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BABA3373-F329-4B25-B0A4-E90F6BB9C9A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.18.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C013DEB2-D37A-4AF6-B7C7-9D86A86B67AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.18.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "54B7D843-E7A3-4DC7-BA1B-2DE736EECACE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.18.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9F9F980-1824-46D1-894E-7DE85F79E0C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.18.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8D4CF19-06AB-4D3A-A359-E09DC79EA4BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.18.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "10E61A26-5ABC-4A8F-B6F0-2445180C3B0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.18.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "066D3291-A27E-4153-9EA2-7A003B228B29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.18.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "745F3B54-C363-4D95-8384-1DD3398BDC30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.18.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "1177CE36-95A5-4B66-9B62-82785A8B3032",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.18.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "F11DA2F2-9021-458A-92D6-C283B17F713F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.18.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CA01874-AD45-4C43-9F7B-4CA493910489",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.18.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADC924C0-EE2E-4C5A-BB30-F13365F3A11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.18.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "43E0AEA0-AE21-478F-BA93-6072E7088370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.18.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "87F0DDDD-2D1F-4552-BF03-03E2918CFC87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.18.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C63D07C-9D18-4738-BD60-882D500A02EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.18.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF34992-59E9-45BE-BB39-688E47497A78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.18.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E25F1ED-B563-4031-8A22-18F03BD3294B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.18.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B1377A9-57F5-4334-BAE6-0B45A1423AAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.18.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB03C737-C7E9-45F1-81A0-16CCE49C12B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.18.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "23475849-52AE-4030-B627-8D1B48CA893E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD."
    },
    {
      "lang": "es",
      "value": "Dpkg-source en dpkg en las versiones comprendidas entre la 1.3.0 y la 1.18.23 es capaz de usar un programa de parches non-GNU que no ofrece un mecanismo de protecci\u00f3n para diff hunks identadas en blanco, lo que permite a atacantes remotos realizar ataques de salto de directorio a trav\u00e9s de un paquete fuente Debian, como se demuestra mediante el uso de dpkg-source en NetBSD."
    }
  ],
  "id": "CVE-2017-8283",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-04-26T05:59:00.213",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2017/04/20/2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/98064"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2017/04/20/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/98064"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2015-0860

Vulnerability from fkie_nvd - Published: 2015-12-03 20:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which triggers a stack-based buffer overflow.
References
security@debian.orghttp://www.debian.org/security/2015/dsa-3407Vendor Advisory
security@debian.orghttp://www.ubuntu.com/usn/USN-2820-1
security@debian.orghttps://anonscm.debian.org/cgit/dpkg/dpkg.git/commit/dpkg-deb/extract.c?id=e65aa3db04eb908c9507d5d356a95cedb890814d
security@debian.orghttps://blog.fuzzing-project.org/30-Stack-overflows-and-out-of-bounds-read-in-dpkg-Debian.html
security@debian.orghttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798324
security@debian.orghttps://security.gentoo.org/glsa/201612-07
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2015/dsa-3407Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2820-1
af854a3a-2127-422b-91ae-364da2661108https://anonscm.debian.org/cgit/dpkg/dpkg.git/commit/dpkg-deb/extract.c?id=e65aa3db04eb908c9507d5d356a95cedb890814d
af854a3a-2127-422b-91ae-364da2661108https://blog.fuzzing-project.org/30-Stack-overflows-and-out-of-bounds-read-in-dpkg-Debian.html
af854a3a-2127-422b-91ae-364da2661108https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798324
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201612-07
Impacted products
Vendor Product Version
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.04
canonical ubuntu_linux 15.04
canonical ubuntu_linux 15.10
debian dpkg 1.16.0
debian dpkg 1.16.0.1
debian dpkg 1.16.0.2
debian dpkg 1.16.0.3
debian dpkg 1.16.1
debian dpkg 1.16.1.1
debian dpkg 1.16.1.2
debian dpkg 1.16.2
debian dpkg 1.16.3
debian dpkg 1.16.4
debian dpkg 1.16.4.1
debian dpkg 1.16.4.2
debian dpkg 1.16.4.3
debian dpkg 1.16.5
debian dpkg 1.16.6
debian dpkg 1.16.7
debian dpkg 1.16.8
debian dpkg 1.16.9
debian dpkg 1.16.10
debian dpkg 1.16.11
debian dpkg 1.16.12
debian dpkg 1.16.15
debian dpkg 1.17.0
debian dpkg 1.17.1
debian dpkg 1.17.2
debian dpkg 1.17.3
debian dpkg 1.17.4
debian dpkg 1.17.5
debian dpkg 1.17.6
debian dpkg 1.17.7
debian dpkg 1.17.8
debian dpkg 1.17.9
debian dpkg 1.17.10
debian dpkg 1.17.11
debian dpkg 1.17.12
debian dpkg 1.17.13
debian dpkg 1.17.14
debian dpkg 1.17.15
debian dpkg 1.17.16
debian dpkg 1.17.17
debian dpkg 1.17.18
debian dpkg 1.17.19
debian dpkg 1.17.20
debian dpkg 1.17.21
debian dpkg 1.17.22
debian dpkg 1.17.23
debian dpkg 1.17.24
debian dpkg 1.17.25
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "60B76474-A71E-4BEA-880B-88A8F0E9E79D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5918D066-8950-44D5-9F14-72C499F9F40A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "623BF341-D9EC-43DF-BA62-D45FDC1FE4E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D6692AB-7927-4D4B-8E11-EA9B7B93836C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6EE875E-DEC4-443C-8921-B4658CA2B2C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BDD2CFE-61E4-436E-9D49-7F1977904EB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "12DB535B-9C12-4B13-8B6E-AB4EEC1CFF9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6675F9A6-FA20-4AF7-B57F-85595103AA61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3322B7E4-D815-40B6-836A-2D070F9D0528",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A67143CC-3137-49B3-955C-43C405DB847B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1CA956E-51BC-428E-9730-31797A34BE3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AFC055D-9B64-428C-9D85-CFC2F27EB906",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "00E6E62F-B11F-4060-8AAF-A9FA73749422",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B05CB56-6994-4F75-8015-03F554CD7D78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5CF35EC-CCBF-4096-BCAF-98A15DE6D78C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "42C819CC-48E9-4E85-A564-456A27481852",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D7B2152-3086-4094-8AE2-6E1AF9D35BF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF5B9CC6-C288-4E8C-AC99-D4717DBE63FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "65CD971C-EB83-4456-A368-F57B9391599A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8CA877A-533B-4B60-A90B-8A958FCA2DF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B71A62D9-8013-4528-8EB0-75C18435AE24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "096CA319-CBAA-498E-A559-6B6F8690CEFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D18D2B08-C8DD-475D-8E7D-F39E8C24723B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA424995-B5E0-4C8A-862B-5290506DF94E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "43F974E2-41AF-42B2-8EE7-02724FD37673",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFD1F763-34E3-4B39-9184-6CCCD75733A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C8ADF13-CEF9-400B-BACA-F64AFDEEED7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B2595A0-024B-4C82-8626-9471A3FB96D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E81B04E7-FBA1-45D3-B458-3B57DF331796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "934A9FC7-1B44-4A70-83B6-21783C5BB9BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "A66344A0-A556-4E72-9954-CBC0FF9B900F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "82E72C4D-373A-4E74-A038-AD79EA0845D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "13D89B07-FB9C-4D88-91A1-431FB91605DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "067D13A0-0DBA-4749-9E5C-428338758C49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "955DA593-FD4C-4BC8-8B64-CA193892C1CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E35346F-2FCD-42D3-ADE2-D25DCBF11D86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "681BF89B-6501-4992-A953-578908C68ECC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E9DD402-ADC7-4000-A6C8-D62DA2BD8A22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "E26692A1-6DE7-4295-99BD-EFF9B0C20162",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5B65F0D-1708-4B73-B9C3-033E8150348D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "A257BEDB-0148-4EE6-B7EA-0DE39752F897",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A046309-41A1-420C-ABF3-090AD11C9EBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "198C70C8-EB31-4E54-A690-727518FBCD6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "130E8C0F-0649-4F32-921F-A51EEA4981DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FF133CE-B3D1-48C2-8AC1-938E70820CF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "13C6ED10-12DC-4896-9B8A-E05BAB5B5DEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "32CCB09B-144F-48E0-BB8C-453C15292F7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "781C2E3F-A281-499B-A0AA-404117EAA63D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an \"old-style\" Debian binary package, which triggers a stack-based buffer overflow."
    },
    {
      "lang": "es",
      "value": "Error por un paso en la funci\u00f3n extracthalf en dpkg-deb/extract.c en el componente dpkg-deb en Debian dpkg 1.16.x en versiones anteriores a 1.16.17 y 1.17.x en versiones anteriores a 1.17.26 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s del n\u00famero m\u00e1gico de versi\u00f3n del archivo en un paquete binario de Debian \u0027old-style\u0027, lo que desencadena un desbordamiento de buffer basado en pila."
    }
  ],
  "id": "CVE-2015-0860",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-12-03T20:59:01.847",
  "references": [
    {
      "source": "security@debian.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2015/dsa-3407"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.ubuntu.com/usn/USN-2820-1"
    },
    {
      "source": "security@debian.org",
      "url": "https://anonscm.debian.org/cgit/dpkg/dpkg.git/commit/dpkg-deb/extract.c?id=e65aa3db04eb908c9507d5d356a95cedb890814d"
    },
    {
      "source": "security@debian.org",
      "url": "https://blog.fuzzing-project.org/30-Stack-overflows-and-out-of-bounds-read-in-dpkg-Debian.html"
    },
    {
      "source": "security@debian.org",
      "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798324"
    },
    {
      "source": "security@debian.org",
      "url": "https://security.gentoo.org/glsa/201612-07"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2015/dsa-3407"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2820-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://anonscm.debian.org/cgit/dpkg/dpkg.git/commit/dpkg-deb/extract.c?id=e65aa3db04eb908c9507d5d356a95cedb890814d"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://blog.fuzzing-project.org/30-Stack-overflows-and-out-of-bounds-read-in-dpkg-Debian.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798324"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201612-07"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2015-0840

Vulnerability from fkie_nvd - Published: 2015-04-13 14:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc).
References
security@debian.orghttp://lists.fedoraproject.org/pipermail/package-announce/2015-May/157387.html
security@debian.orghttp://lists.opensuse.org/opensuse-updates/2015-06/msg00029.html
security@debian.orghttp://www.debian.org/security/2015/dsa-3217Vendor Advisory
security@debian.orghttp://www.ubuntu.com/usn/USN-2566-1Patch
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157387.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2015-06/msg00029.html
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2015/dsa-3217Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2566-1Patch
Impacted products
Vendor Product Version
debian dpkg *
debian dpkg 1.17.0
debian dpkg 1.17.1
debian dpkg 1.17.2
debian dpkg 1.17.3
debian dpkg 1.17.4
debian dpkg 1.17.5
debian dpkg 1.17.6
debian dpkg 1.17.7
debian dpkg 1.17.8
debian dpkg 1.17.9
debian dpkg 1.17.10
debian dpkg 1.17.11
debian dpkg 1.17.12
debian dpkg 1.17.13
debian dpkg 1.17.14
debian dpkg 1.17.15
debian dpkg 1.17.16
debian dpkg 1.17.17
debian dpkg 1.17.18
debian dpkg 1.17.19
debian dpkg 1.17.20
debian dpkg 1.17.21
debian dpkg 1.17.22
debian dpkg 1.17.23
debian dpkg 1.17.24
canonical ubuntu_linux 10.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.04
canonical ubuntu_linux 14.10
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:debian:dpkg:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BC2DC5F-3635-4847-8111-4C0FDC52FD42",
              "versionEndIncluding": "1.16.15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D18D2B08-C8DD-475D-8E7D-F39E8C24723B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA424995-B5E0-4C8A-862B-5290506DF94E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "43F974E2-41AF-42B2-8EE7-02724FD37673",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFD1F763-34E3-4B39-9184-6CCCD75733A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C8ADF13-CEF9-400B-BACA-F64AFDEEED7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B2595A0-024B-4C82-8626-9471A3FB96D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E81B04E7-FBA1-45D3-B458-3B57DF331796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "934A9FC7-1B44-4A70-83B6-21783C5BB9BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "A66344A0-A556-4E72-9954-CBC0FF9B900F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "82E72C4D-373A-4E74-A038-AD79EA0845D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "13D89B07-FB9C-4D88-91A1-431FB91605DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "067D13A0-0DBA-4749-9E5C-428338758C49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "955DA593-FD4C-4BC8-8B64-CA193892C1CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E35346F-2FCD-42D3-ADE2-D25DCBF11D86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "681BF89B-6501-4992-A953-578908C68ECC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E9DD402-ADC7-4000-A6C8-D62DA2BD8A22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "E26692A1-6DE7-4295-99BD-EFF9B0C20162",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5B65F0D-1708-4B73-B9C3-033E8150348D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "A257BEDB-0148-4EE6-B7EA-0DE39752F897",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A046309-41A1-420C-ABF3-090AD11C9EBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "198C70C8-EB31-4E54-A690-727518FBCD6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "130E8C0F-0649-4F32-921F-A51EEA4981DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FF133CE-B3D1-48C2-8AC1-938E70820CF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "13C6ED10-12DC-4896-9B8A-E05BAB5B5DEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "32CCB09B-144F-48E0-BB8C-453C15292F7F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "5D37DF0F-F863-45AC-853A-3E04F9FEC7CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc)."
    },
    {
      "lang": "es",
      "value": "El comando dpkg-source en Debian dpkg anterior a 1.16.16 y 1.17.x anterior a 1.17.25 permite a atacantes remotos evadir verificaci\u00f3n de firmas a trav\u00e9s de un fichero de control de fuentes de Debian (.dsc) manipulado."
    }
  ],
  "id": "CVE-2015-0840",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-04-13T14:59:01.367",
  "references": [
    {
      "source": "security@debian.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157387.html"
    },
    {
      "source": "security@debian.org",
      "url": "http://lists.opensuse.org/opensuse-updates/2015-06/msg00029.html"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2015/dsa-3217"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2566-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157387.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2015-06/msg00029.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2015/dsa-3217"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2566-1"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2014-8625

Vulnerability from fkie_nvd - Published: 2015-01-20 15:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name.
References
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2015-May/157387.html
cve@mitre.orghttp://seclists.org/oss-sec/2014/q4/539Exploit
cve@mitre.orghttp://seclists.org/oss-sec/2014/q4/551
cve@mitre.orghttp://seclists.org/oss-sec/2014/q4/622
cve@mitre.orghttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768485Exploit
cve@mitre.orghttps://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/1389135Exploit
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/98551
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157387.html
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/oss-sec/2014/q4/539Exploit
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/oss-sec/2014/q4/551
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/oss-sec/2014/q4/622
af854a3a-2127-422b-91ae-364da2661108https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768485Exploit
af854a3a-2127-422b-91ae-364da2661108https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/1389135Exploit
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/98551
Impacted products
Vendor Product Version
debian dpkg *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:debian:dpkg:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "148DA0C2-D1AA-4601-B0E3-E319D9C680C9",
              "versionEndIncluding": "1.17.21",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de cadenas de formatos en la funci\u00f3n parse_error_msg en parsehelp.c en dpkg anterior a 1.17.22 permiten a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de especificadores de cadenas de formatos en el nombre (1) del paquete o (2) de la arquitectura."
    }
  ],
  "id": "CVE-2014-8625",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-01-20T15:59:01.437",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157387.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://seclists.org/oss-sec/2014/q4/539"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://seclists.org/oss-sec/2014/q4/551"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://seclists.org/oss-sec/2014/q4/622"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768485"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/1389135"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98551"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157387.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://seclists.org/oss-sec/2014/q4/539"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/oss-sec/2014/q4/551"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/oss-sec/2014/q4/622"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768485"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/1389135"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98551"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-134"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2014-3227

Vulnerability from fkie_nvd - Published: 2014-05-30 18:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
dpkg 1.15.9, 1.16.x before 1.16.14, and 1.17.x before 1.17.9 expect the patch program to be compliant with a need for the "C-style encoded filenames" feature, but is supported in environments with noncompliant patch programs, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this vulnerability exists because of reliance on unrealistic constraints on the behavior of an external program.
References
cve@mitre.orghttp://openwall.com/lists/oss-security/2014/04/29/4
cve@mitre.orghttp://openwall.com/lists/oss-security/2014/05/29/16
cve@mitre.orghttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306
af854a3a-2127-422b-91ae-364da2661108http://openwall.com/lists/oss-security/2014/04/29/4
af854a3a-2127-422b-91ae-364da2661108http://openwall.com/lists/oss-security/2014/05/29/16
af854a3a-2127-422b-91ae-364da2661108https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306
Impacted products
Vendor Product Version
debian dpkg 1.15.9
debian dpkg 1.16.0
debian dpkg 1.16.0.1
debian dpkg 1.16.0.2
debian dpkg 1.16.0.3
debian dpkg 1.16.1
debian dpkg 1.16.1.1
debian dpkg 1.16.1.2
debian dpkg 1.16.2
debian dpkg 1.16.3
debian dpkg 1.16.4
debian dpkg 1.16.4.1
debian dpkg 1.16.4.2
debian dpkg 1.16.4.3
debian dpkg 1.16.5
debian dpkg 1.16.6
debian dpkg 1.16.7
debian dpkg 1.16.8
debian dpkg 1.16.9
debian dpkg 1.16.10
debian dpkg 1.16.11
debian dpkg 1.16.12
debian dpkg 1.17.0
debian dpkg 1.17.1
debian dpkg 1.17.2
debian dpkg 1.17.3
debian dpkg 1.17.4
debian dpkg 1.17.5
debian dpkg 1.17.6
debian dpkg 1.17.7
debian dpkg 1.17.8
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "35ECCA17-BB6A-4DDA-8F26-C84628B95A3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "60B76474-A71E-4BEA-880B-88A8F0E9E79D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5918D066-8950-44D5-9F14-72C499F9F40A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "623BF341-D9EC-43DF-BA62-D45FDC1FE4E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D6692AB-7927-4D4B-8E11-EA9B7B93836C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6EE875E-DEC4-443C-8921-B4658CA2B2C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BDD2CFE-61E4-436E-9D49-7F1977904EB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "12DB535B-9C12-4B13-8B6E-AB4EEC1CFF9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6675F9A6-FA20-4AF7-B57F-85595103AA61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3322B7E4-D815-40B6-836A-2D070F9D0528",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A67143CC-3137-49B3-955C-43C405DB847B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1CA956E-51BC-428E-9730-31797A34BE3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AFC055D-9B64-428C-9D85-CFC2F27EB906",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "00E6E62F-B11F-4060-8AAF-A9FA73749422",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B05CB56-6994-4F75-8015-03F554CD7D78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5CF35EC-CCBF-4096-BCAF-98A15DE6D78C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "42C819CC-48E9-4E85-A564-456A27481852",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D7B2152-3086-4094-8AE2-6E1AF9D35BF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF5B9CC6-C288-4E8C-AC99-D4717DBE63FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "65CD971C-EB83-4456-A368-F57B9391599A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8CA877A-533B-4B60-A90B-8A958FCA2DF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B71A62D9-8013-4528-8EB0-75C18435AE24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D18D2B08-C8DD-475D-8E7D-F39E8C24723B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA424995-B5E0-4C8A-862B-5290506DF94E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "43F974E2-41AF-42B2-8EE7-02724FD37673",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFD1F763-34E3-4B39-9184-6CCCD75733A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C8ADF13-CEF9-400B-BACA-F64AFDEEED7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B2595A0-024B-4C82-8626-9471A3FB96D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E81B04E7-FBA1-45D3-B458-3B57DF331796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "934A9FC7-1B44-4A70-83B6-21783C5BB9BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "A66344A0-A556-4E72-9954-CBC0FF9B900F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "dpkg 1.15.9, 1.16.x before 1.16.14, and 1.17.x before 1.17.9 expect the patch program to be compliant with a need for the \"C-style encoded filenames\" feature, but is supported in environments with noncompliant patch programs, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this vulnerability exists because of reliance on unrealistic constraints on the behavior of an external program."
    },
    {
      "lang": "es",
      "value": "dpkg 1.15.9, 1.16.x anterior a 1.16.14 y 1.17.x anterior a 1.17.9 esperan que el programa de parche conforme con una necesidad para la funcionalidad \u0027nombres de archivos codificados C-style\u0027, pero est\u00e1 soportado en entornos con programas de parche no conformes, lo que provoca un error de interacci\u00f3n que permite a atacantes remotos realizar ataques de salto de directorio y modificar archivos fuera de los directorios intencionados a trav\u00e9s de un paquete de fuente manipulado. NOTA: esta vulnerabilidad existe debido a dependencia en restricciones no realistas sobre el comportamiento de un programa externo."
    }
  ],
  "id": "CVE-2014-3227",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.4,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-05-30T18:55:05.960",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://openwall.com/lists/oss-security/2014/04/29/4"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://openwall.com/lists/oss-security/2014/05/29/16"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwall.com/lists/oss-security/2014/04/29/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwall.com/lists/oss-security/2014/05/29/16"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2014-3127

Vulnerability from fkie_nvd - Published: 2014-05-14 00:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
dpkg 1.15.9 on Debian squeeze introduces support for the "C-style encoded filenames" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this can be considered a release engineering problem in the effort to fix CVE-2014-0471.
References
cve@mitre.orghttp://metadata.ftp-master.debian.org/changelogs//main/d/dpkg/dpkg_1.15.10_changelog
cve@mitre.orghttp://seclists.org/oss-sec/2014/q2/191
cve@mitre.orghttp://seclists.org/oss-sec/2014/q2/227
cve@mitre.orghttp://www.securityfocus.com/bid/67181
cve@mitre.orghttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306
af854a3a-2127-422b-91ae-364da2661108http://metadata.ftp-master.debian.org/changelogs//main/d/dpkg/dpkg_1.15.10_changelog
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/oss-sec/2014/q2/191
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/oss-sec/2014/q2/227
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/67181
af854a3a-2127-422b-91ae-364da2661108https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306
Impacted products
Vendor Product Version
debian dpkg 1.16.0
debian dpkg 1.16.0.1
debian dpkg 1.16.0.2
debian dpkg 1.16.0.3
debian dpkg 1.16.1
debian dpkg 1.16.1.1
debian dpkg 1.16.1.2
debian dpkg 1.16.2
debian dpkg 1.16.3
debian dpkg 1.16.4
debian dpkg 1.16.4.1
debian dpkg 1.16.4.2
debian dpkg 1.16.4.3
debian dpkg 1.16.5
debian dpkg 1.16.6
debian dpkg 1.16.7
debian dpkg 1.16.8
debian dpkg 1.16.9
debian dpkg 1.16.10
debian dpkg 1.16.11
debian dpkg 1.16.12
debian dpkg 1.17.0
debian dpkg 1.17.1
debian dpkg 1.17.2
debian dpkg 1.17.3
debian dpkg 1.17.4
debian dpkg 1.17.5
debian dpkg 1.17.6
debian dpkg 1.17.7
debian dpkg 1.17.8
debian dpkg 1.15.0
debian dpkg 1.15.1
debian dpkg 1.15.2
debian dpkg 1.15.3
debian dpkg 1.15.3.1
debian dpkg 1.15.4
debian dpkg 1.15.4.1
debian dpkg 1.15.5
debian dpkg 1.15.5.1
debian dpkg 1.15.5.2
debian dpkg 1.15.5.3
debian dpkg 1.15.5.4
debian dpkg 1.15.5.5
debian dpkg 1.15.5.6
debian dpkg 1.15.6
debian dpkg 1.15.6.1
debian dpkg 1.15.7
debian dpkg 1.15.7.1
debian dpkg 1.15.7.2
debian dpkg 1.15.8
debian dpkg 1.15.8.1
debian dpkg 1.15.8.2
debian dpkg 1.15.8.3
debian dpkg 1.15.8.4
debian dpkg 1.15.8.5
debian dpkg 1.15.8.6
debian dpkg 1.15.8.7
debian dpkg 1.15.8.8
debian dpkg 1.15.8.9
debian dpkg 1.15.8.10
debian dpkg 1.15.8.11
debian dpkg 1.15.8.12
debian dpkg 1.15.8.13
debian dpkg 1.15.9
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "60B76474-A71E-4BEA-880B-88A8F0E9E79D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5918D066-8950-44D5-9F14-72C499F9F40A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "623BF341-D9EC-43DF-BA62-D45FDC1FE4E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D6692AB-7927-4D4B-8E11-EA9B7B93836C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6EE875E-DEC4-443C-8921-B4658CA2B2C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BDD2CFE-61E4-436E-9D49-7F1977904EB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "12DB535B-9C12-4B13-8B6E-AB4EEC1CFF9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6675F9A6-FA20-4AF7-B57F-85595103AA61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3322B7E4-D815-40B6-836A-2D070F9D0528",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A67143CC-3137-49B3-955C-43C405DB847B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1CA956E-51BC-428E-9730-31797A34BE3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AFC055D-9B64-428C-9D85-CFC2F27EB906",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "00E6E62F-B11F-4060-8AAF-A9FA73749422",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B05CB56-6994-4F75-8015-03F554CD7D78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5CF35EC-CCBF-4096-BCAF-98A15DE6D78C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "42C819CC-48E9-4E85-A564-456A27481852",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D7B2152-3086-4094-8AE2-6E1AF9D35BF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF5B9CC6-C288-4E8C-AC99-D4717DBE63FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "65CD971C-EB83-4456-A368-F57B9391599A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8CA877A-533B-4B60-A90B-8A958FCA2DF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B71A62D9-8013-4528-8EB0-75C18435AE24",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D18D2B08-C8DD-475D-8E7D-F39E8C24723B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA424995-B5E0-4C8A-862B-5290506DF94E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "43F974E2-41AF-42B2-8EE7-02724FD37673",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFD1F763-34E3-4B39-9184-6CCCD75733A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C8ADF13-CEF9-400B-BACA-F64AFDEEED7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B2595A0-024B-4C82-8626-9471A3FB96D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E81B04E7-FBA1-45D3-B458-3B57DF331796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "934A9FC7-1B44-4A70-83B6-21783C5BB9BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "A66344A0-A556-4E72-9954-CBC0FF9B900F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D266110F-6EDD-4570-8B5C-BB6A620D7510",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5489857D-D325-41D1-991C-1664EB63CF2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF34E4C1-9160-4052-951A-D08835024AC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "30E46BF1-5BC3-429B-9A16-2F95620A8FE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7B3327F-8A47-4D13-A48A-3157B6318F9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "90246AB1-F0C4-432B-AA2D-A644084C0C74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "44EAC604-FF3B-470A-9413-EBAC32DC1322",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "84E9FBA6-6418-448F-800E-970C9D08877F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "98521A64-4E54-472F-AC7C-73005551CEA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "421D9F1E-EF92-47E3-98D6-8C824862F7A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D85C04B-FC70-41BD-8994-B7C1AF6048BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAFD7DD4-555B-4757-B459-01B9D915A9B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2C7B906-87E1-44F3-AF35-5BFEF574F180",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0984921F-8EAB-4740-B2CC-4269C4CF6C93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F48CB557-229E-4BA5-84C6-DBEA06552D96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F27F9EA-226F-450F-A181-F100E49A90B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED9E199F-1994-4C5C-B8DB-D6002FD95AE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "419D7AA6-745E-4254-9743-6AC136DB1893",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F1F3BE1-30BA-4780-9924-D5B0E4F50EAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BFBE00A-3FB7-4D10-807C-67CA59B91044",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E486ABD-DD1D-43A9-9783-894694E0F14C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "87DEA4E0-8BF1-4558-88F3-D3F3D8161287",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1405C137-D923-436C-A006-F232961BAB24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD929336-FAFB-480C-8CD1-3264C3BE529B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F2B117A-2746-458B-AB77-37EB40646482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD8A1B4A-59D3-4D0F-80CC-7D8F94B5699E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A12559EE-7FAC-4C21-99CC-D076E98CA137",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B7B48B-B915-43D7-9AE4-EA1322925EDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.8.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7AE1019-67C2-4334-83DC-75754C997079",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.8.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4AC0E03-C115-4B5C-9D1B-CD86B749B8C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.8.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0C7B663-4ADD-42A7-B302-975C05288BDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.8.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9EE9B3E-C62B-4C97-A8A5-16CCAA392FD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.8.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "248E90A5-6A3C-4647-891E-005DA3A46C6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "35ECCA17-BB6A-4DDA-8F26-C84628B95A3A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "dpkg 1.15.9 on Debian squeeze introduces support for the \"C-style encoded filenames\" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package.  NOTE: this can be considered a release engineering problem in the effort to fix CVE-2014-0471."
    },
    {
      "lang": "es",
      "value": "dpkg versi\u00f3n 1.15.9 en squeeze de Debian, introduce soporte para la funcionalidad \"C-style encoded filenames\" sin reconocer que el programa parche de squeeze carece de esta caracter\u00edstica, lo que desencadena un error de interacci\u00f3n que permite a los atacantes remotos conducir ataques de salto de directorio y modificar archivos fuera de los directorios previstos por medio de un paquete fuente dise\u00f1ado. NOTA: esto se puede considerar un problema de ingenier\u00eda de versiones en el intento por corregir el CVE-2014-0471."
    }
  ],
  "id": "CVE-2014-3127",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:H/Au:N/C:N/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 9.2,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-05-14T00:55:10.400",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://metadata.ftp-master.debian.org/changelogs//main/d/dpkg/dpkg_1.15.10_changelog"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://seclists.org/oss-sec/2014/q2/191"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://seclists.org/oss-sec/2014/q2/227"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/67181"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://metadata.ftp-master.debian.org/changelogs//main/d/dpkg/dpkg_1.15.10_changelog"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/oss-sec/2014/q2/191"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/oss-sec/2014/q2/227"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/67181"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2014-0471

Vulnerability from fkie_nvd - Published: 2014-04-30 14:22 - Updated: 2025-04-12 10:46
Severity ?
Summary
Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to "C-style filename quoting."
References
security@debian.orghttp://www.debian.org/security/2014/dsa-2915Vendor Advisory
security@debian.orghttp://www.securityfocus.com/bid/67106
security@debian.orghttp://www.ubuntu.com/usn/USN-2183-1Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2014/dsa-2915Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/67106
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2183-1Vendor Advisory
Impacted products
Vendor Product Version
debian dpkg *
debian dpkg 1.9.1
debian dpkg 1.9.2
debian dpkg 1.9.3
debian dpkg 1.9.7
debian dpkg 1.9.8
debian dpkg 1.9.9
debian dpkg 1.9.10
debian dpkg 1.9.11
debian dpkg 1.9.12
debian dpkg 1.9.13
debian dpkg 1.9.14
debian dpkg 1.9.15
debian dpkg 1.9.16
debian dpkg 1.9.17
debian dpkg 1.9.18
debian dpkg 1.9.19
debian dpkg 1.9.20
debian dpkg 1.9.21
debian dpkg 1.10
debian dpkg 1.10.1
debian dpkg 1.10.2
debian dpkg 1.10.3
debian dpkg 1.10.4
debian dpkg 1.10.5
debian dpkg 1.10.6
debian dpkg 1.10.7
debian dpkg 1.10.8
debian dpkg 1.10.9
debian dpkg 1.10.11
debian dpkg 1.10.12
debian dpkg 1.10.13
debian dpkg 1.10.14
debian dpkg 1.10.15
debian dpkg 1.10.16
debian dpkg 1.10.17
debian dpkg 1.10.18
debian dpkg 1.10.18.1
debian dpkg 1.10.19
debian dpkg 1.10.20
debian dpkg 1.10.21
debian dpkg 1.10.22
debian dpkg 1.10.23
debian dpkg 1.10.24
debian dpkg 1.10.25
debian dpkg 1.10.26
debian dpkg 1.10.27
debian dpkg 1.10.28
debian dpkg 1.13.0
debian dpkg 1.13.1
debian dpkg 1.13.2
debian dpkg 1.13.3
debian dpkg 1.13.4
debian dpkg 1.13.5
debian dpkg 1.13.6
debian dpkg 1.13.7
debian dpkg 1.13.8
debian dpkg 1.13.9
debian dpkg 1.13.10
debian dpkg 1.13.11
debian dpkg 1.13.11.1
debian dpkg 1.13.12
debian dpkg 1.13.13
debian dpkg 1.13.14
debian dpkg 1.13.15
debian dpkg 1.13.16
debian dpkg 1.13.17
debian dpkg 1.13.18
debian dpkg 1.13.19
debian dpkg 1.13.20
debian dpkg 1.13.21
debian dpkg 1.13.22
debian dpkg 1.13.23
debian dpkg 1.13.24
debian dpkg 1.13.25
debian dpkg 1.14.0
debian dpkg 1.14.1
debian dpkg 1.14.2
debian dpkg 1.14.3
debian dpkg 1.14.4
debian dpkg 1.14.5
debian dpkg 1.14.6
debian dpkg 1.14.7
debian dpkg 1.14.8
debian dpkg 1.14.9
debian dpkg 1.14.10
debian dpkg 1.14.11
debian dpkg 1.14.12
debian dpkg 1.14.13
debian dpkg 1.14.14
debian dpkg 1.14.15
debian dpkg 1.14.16
debian dpkg 1.14.16.1
debian dpkg 1.14.16.2
debian dpkg 1.14.16.3
debian dpkg 1.14.16.4
debian dpkg 1.14.16.5
debian dpkg 1.14.16.6
debian dpkg 1.14.17
debian dpkg 1.14.18
debian dpkg 1.14.19
debian dpkg 1.14.20
debian dpkg 1.14.21
debian dpkg 1.14.22
debian dpkg 1.14.23
debian dpkg 1.14.24
debian dpkg 1.14.25
debian dpkg 1.14.26
debian dpkg 1.14.27
debian dpkg 1.14.28
debian dpkg 1.14.29
debian dpkg 1.14.30
debian dpkg 1.15.0
debian dpkg 1.15.1
debian dpkg 1.15.2
debian dpkg 1.15.3
debian dpkg 1.15.3.1
debian dpkg 1.15.4
debian dpkg 1.15.4.1
debian dpkg 1.15.5
debian dpkg 1.15.5.1
debian dpkg 1.15.5.2
debian dpkg 1.15.5.3
debian dpkg 1.15.5.4
debian dpkg 1.15.5.5
debian dpkg 1.15.5.6
debian dpkg 1.15.6
debian dpkg 1.15.6.1
debian dpkg 1.15.7
debian dpkg 1.15.7.1
debian dpkg 1.15.7.2
debian dpkg 1.15.8
debian dpkg 1.15.8.1
debian dpkg 1.15.8.2
debian dpkg 1.15.8.3
debian dpkg 1.15.8.4
debian dpkg 1.15.8.5
debian dpkg 1.15.8.6
debian dpkg 1.15.8.7
debian dpkg 1.15.8.9
debian dpkg 1.16.0
debian dpkg 1.16.0.1
debian dpkg 1.16.0.2
debian dpkg 1.16.0.3
debian dpkg 1.16.1
debian dpkg 1.16.1.1
debian dpkg 1.16.1.2
debian dpkg 1.16.2
debian dpkg 1.16.3
debian dpkg 1.16.4
debian dpkg 1.16.4.1
debian dpkg 1.16.4.2
debian dpkg 1.16.4.3
debian dpkg 1.16.5
debian dpkg 1.16.6
debian dpkg 1.16.7
debian dpkg 1.16.8
debian dpkg 1.16.9
debian dpkg 1.16.10
debian dpkg 1.16.11
debian dpkg 1.16.12
debian dpkg 1.17.0
debian dpkg 1.17.1
debian dpkg 1.17.2
debian dpkg 1.17.3
debian dpkg 1.17.4
debian dpkg 1.17.5
debian dpkg 1.17.6
debian dpkg 1.17.7
canonical ubuntu_linux 10.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 12.10
canonical ubuntu_linux 13.10
canonical ubuntu_linux 14.04
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:debian:dpkg:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9165C86-3608-40E6-BDC6-5731D55D377A",
              "versionEndIncluding": "1.15.8.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3BE886D-9100-4CE0-AA31-68D3203740C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0490C3F9-1DF6-423E-93A8-5F51E2639637",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D016FED-8F0B-4104-9CCC-48CD4563F787",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.9.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A89C655-FDB6-4F69-8ACE-FA076A61E048",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.9.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "37D54B2A-8250-412C-B164-090C90A6444C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.9.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CB05EF4-B0B1-4C92-B09F-1B9911A2F10E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.9.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6871FD79-6B00-4015-8EB1-728CA5623DE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.9.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "64A74291-78A4-43C5-B284-B38A22AD5870",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.9.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "F521CAF4-792C-4B16-BC22-21E82D583EA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.9.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A5B856A-F05B-4175-A6E4-40A97B4ADE3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.9.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AF00B7B-839C-4728-A3C2-44177C0CFB0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.9.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E925582-F14E-4EE1-9952-2B448C22E069",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.9.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BA55BD3-8CB9-4193-97F3-52DDD7516F0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.9.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B3ABA00-605D-4F4B-B5B2-D474C76C257C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.9.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "14DD7FEA-4855-462F-B293-61B637F26420",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.9.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "C682EF47-BF0A-4B48-A1D1-A55A9ECA7F33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.9.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "717F6453-69FA-426C-9346-CD7BEDE9C60B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.9.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3122762-BEF0-4988-BED9-4D8592C24CEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D9E2515-E79D-4237-97E9-D5BA35A5F4F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9562A87-9464-4203-8360-58E9A7E495FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4989628B-306C-4E03-A64E-718C4FF2778F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CB0B1D3-632D-442B-8B83-92591CD80A33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DFADCC1-6162-482F-971A-04041715E562",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "52270405-2AC2-41B7-B07A-42763993D587",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C4C5026-D1BD-490A-9C3B-526BDBD9F2BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F63A530D-1DB8-4AB4-A62D-BB73BDA6A96B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FE83D2A-D1F7-460F-AFFA-45D635D23B78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DA52B75-0BE4-4647-A02E-6C01FF15DD0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8347AB5F-5194-4B96-A8E7-9EE51B82C8E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "A48A99CC-0F6E-49F4-99C5-8647A66A5B41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "C844AC14-2ECA-45AB-B9A1-44CF626143BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "466B21B4-DF59-4B55-8778-BD674A137F9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C69AA54-AC53-4A10-8ED4-C426F4C37305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC00A088-B0AC-4CCD-8EAE-31D4DB6372B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4C34F7E-91AD-4009-A86B-E3C42533C67D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "840FA75D-5AFC-4011-AA2C-A851763A8E86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DDF073B-7437-4700-A5BD-B47CF1163302",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "03D44007-FEEB-4A1E-BBEA-A8F9337ABE6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "756ED650-7FBF-47D5-800D-B7CDCE98DB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4047BBD-BC04-4CB1-A499-D2B8D3FE6B56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "72E88290-55F4-4177-85F1-7ACBADEB6D6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "17561362-F579-4C4A-B706-E7BFD4B4D005",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2C3A554-49D3-4AA0-AF85-A503288EDA7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "DABD98F8-3512-4F83-BEA8-29787378990B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "33AE89EC-30B6-4B2C-BB7D-105C7BA31673",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "675635B9-B25D-4A6A-B990-F3347D76AF56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5591746-1BF7-41C2-8078-0CA13BA4FDE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9EDAF7A-A7EF-4FA2-AB0F-1B617311F6CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F6B0569-44FC-420E-BAF5-08149463D994",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECE641CD-FD8B-4B09-A738-46795F9CB9AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAE98EF7-E1D0-460D-971D-F460494BB271",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B55AEF9-3375-4E2D-9A5C-BC88626A4977",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9734B69-76A9-43A9-96F5-7551DFE691E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "38087DB8-ABB3-49F8-98B8-1C36BC588D59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "48585882-3F63-4CBE-9C82-8E33F52F86C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA224D00-B0BE-4CCC-A221-9BE93AE5F453",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "87362BEE-E7B5-4390-9226-6C97F4C82E5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "588BCD31-3824-40F9-8BE2-C63F6A40E970",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "583BE1D2-6A50-4477-AD01-EA471B339F7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D64BC1C-4281-46E8-B6DD-20D09EB5DC59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8252FED-9D03-4224-ABB2-6E86E1278ECA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D013303-0BEA-44AE-A395-343EF27D207E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "45FF0360-F1FE-4C59-829E-544D9CCE6673",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "18BE27E1-F670-41B8-A5C5-4C28C94D3826",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BAEB637-6349-4452-B619-7080843E1A39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "698F4BA9-A8AD-4487-8989-5E41D80A162B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B458153-71BE-4EDF-950D-055D9A3D1E10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A4DC29D-F36D-4B02-BDA8-F0316948BBD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D46650E-EDE7-48B0-841D-CC0D45B92FD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D9D843A-4EA7-4B6D-BA62-A8C1C300F47A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "5635A041-FBFB-411B-95F4-1A11248D4FE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "090CD311-7B97-4E69-B2CA-6ED9FCBEDFDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9C17AEE-408E-4D57-B5A8-027FEC9AD144",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "0431871F-39C5-4707-BE53-FAC9E9882170",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "838E9A96-BA10-4A4A-AA41-EC025CCD07E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "94EAFE0A-0A9D-4F9D-BB7F-F4C10797F463",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AB4FDA2-5729-4964-B48F-01DBC26DAEA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D08D336-460B-4153-B747-B1F116065DE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D68401F3-1AF2-4FB5-916E-F40FB6E0DD1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "56DC7349-C57C-47EB-BE92-3BE4719A32F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED090E5E-772F-44B5-86F6-D2388D431055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "526B3511-D083-4153-9DB8-6B8C62426876",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB46B910-10AC-4B06-AC90-5E281AFF445E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC3A73DC-EE37-41DF-A939-4631A3D1F401",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "95E37212-1BC4-44F5-AFEE-BF706FF9F771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "467A1EF6-2E3C-4786-82BD-687EB44B5541",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8096535-AF94-44E3-8266-006FDB84092B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0F65E09-7A40-45E2-BEB1-E11B694E7957",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "50FFCFA9-67A9-4502-AD48-2A1CFB6D12D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "C610809C-7C63-427B-9910-F6F0090B34A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA5A449F-B9B6-41DB-91B6-E75ABADFB835",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6848180-B565-4DC0-87AB-84DF4BF51F93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3070BF5-18C4-4ECD-8795-C569254F4E79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.16.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "355873B5-FEB9-4FAB-BE8B-8D56C9990F0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.16.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0355952-8254-477D-BE82-37ED064F5A4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.16.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0AA3EC2-4936-4F29-8885-377906DA346C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.16.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB4503AF-3941-4318-AAE9-38EF578361EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "958C20C5-3502-417B-8AF4-3E7E43919672",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F9F52F6-DCF1-466E-8F28-77061513DEDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "126BF92A-9767-4A6C-985B-DB6C99E090B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "69991FEF-82C9-4760-8623-B1A47348DD75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF95E1AA-1A05-4F97-8AAA-C815EE3994BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D6200AF-7734-422C-9059-652A4530EFE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5073553-FB4D-4BF1-B3BA-B5CC2B3F45E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "D26FA5D0-F06B-414F-9F65-D5821365DA18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "A61614F0-B814-4367-A12B-22806A65E8A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "0970B646-A060-452C-9473-28A87603DA9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "093DF5AF-8AEA-48DF-B8AF-2357B7C5C4DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3AF0ABA-6A1A-474F-95FB-E155209EDB00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BEB1D72-CC33-4C68-810E-C10DFF83504B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "233BB7EC-7A13-4A9E-8AC7-5151C63DA77E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D266110F-6EDD-4570-8B5C-BB6A620D7510",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5489857D-D325-41D1-991C-1664EB63CF2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF34E4C1-9160-4052-951A-D08835024AC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "30E46BF1-5BC3-429B-9A16-2F95620A8FE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7B3327F-8A47-4D13-A48A-3157B6318F9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "90246AB1-F0C4-432B-AA2D-A644084C0C74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "44EAC604-FF3B-470A-9413-EBAC32DC1322",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "84E9FBA6-6418-448F-800E-970C9D08877F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "98521A64-4E54-472F-AC7C-73005551CEA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "421D9F1E-EF92-47E3-98D6-8C824862F7A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D85C04B-FC70-41BD-8994-B7C1AF6048BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAFD7DD4-555B-4757-B459-01B9D915A9B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2C7B906-87E1-44F3-AF35-5BFEF574F180",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0984921F-8EAB-4740-B2CC-4269C4CF6C93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F48CB557-229E-4BA5-84C6-DBEA06552D96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F27F9EA-226F-450F-A181-F100E49A90B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED9E199F-1994-4C5C-B8DB-D6002FD95AE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "419D7AA6-745E-4254-9743-6AC136DB1893",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F1F3BE1-30BA-4780-9924-D5B0E4F50EAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BFBE00A-3FB7-4D10-807C-67CA59B91044",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E486ABD-DD1D-43A9-9783-894694E0F14C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "87DEA4E0-8BF1-4558-88F3-D3F3D8161287",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1405C137-D923-436C-A006-F232961BAB24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD929336-FAFB-480C-8CD1-3264C3BE529B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F2B117A-2746-458B-AB77-37EB40646482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD8A1B4A-59D3-4D0F-80CC-7D8F94B5699E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A12559EE-7FAC-4C21-99CC-D076E98CA137",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.8.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7AE1019-67C2-4334-83DC-75754C997079",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "60B76474-A71E-4BEA-880B-88A8F0E9E79D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5918D066-8950-44D5-9F14-72C499F9F40A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "623BF341-D9EC-43DF-BA62-D45FDC1FE4E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D6692AB-7927-4D4B-8E11-EA9B7B93836C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6EE875E-DEC4-443C-8921-B4658CA2B2C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BDD2CFE-61E4-436E-9D49-7F1977904EB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "12DB535B-9C12-4B13-8B6E-AB4EEC1CFF9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6675F9A6-FA20-4AF7-B57F-85595103AA61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3322B7E4-D815-40B6-836A-2D070F9D0528",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A67143CC-3137-49B3-955C-43C405DB847B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1CA956E-51BC-428E-9730-31797A34BE3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AFC055D-9B64-428C-9D85-CFC2F27EB906",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "00E6E62F-B11F-4060-8AAF-A9FA73749422",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B05CB56-6994-4F75-8015-03F554CD7D78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5CF35EC-CCBF-4096-BCAF-98A15DE6D78C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "42C819CC-48E9-4E85-A564-456A27481852",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D7B2152-3086-4094-8AE2-6E1AF9D35BF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF5B9CC6-C288-4E8C-AC99-D4717DBE63FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "65CD971C-EB83-4456-A368-F57B9391599A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8CA877A-533B-4B60-A90B-8A958FCA2DF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.16.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B71A62D9-8013-4528-8EB0-75C18435AE24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D18D2B08-C8DD-475D-8E7D-F39E8C24723B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA424995-B5E0-4C8A-862B-5290506DF94E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "43F974E2-41AF-42B2-8EE7-02724FD37673",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFD1F763-34E3-4B39-9184-6CCCD75733A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C8ADF13-CEF9-400B-BACA-F64AFDEEED7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B2595A0-024B-4C82-8626-9471A3FB96D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E81B04E7-FBA1-45D3-B458-3B57DF331796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.17.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "934A9FC7-1B44-4A70-83B6-21783C5BB9BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*",
              "matchCriteriaId": "7118F616-25CA-4E34-AA13-4D14BB62419F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*",
              "matchCriteriaId": "F5D324C4-97C7-49D3-A809-9EAD4B690C69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F61F047-129C-41A6-8A27-FFCBB8563E91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to \"C-style filename quoting.\""
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de salto de directorio en la funcionalidad de desempaquetado en dpkg anterior a 1.15.9, 1.16.x anterior a 1.16.13 y 1.17.x anterior a 1.17.8 permite a atacantes remotos escribir archivos arbitrarios a trav\u00e9s de un paquete fuente manipulado, relacionado con \"citando nombre de archivo C-style.\""
    }
  ],
  "id": "CVE-2014-0471",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-04-30T14:22:06.140",
  "references": [
    {
      "source": "security@debian.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2014/dsa-2915"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.securityfocus.com/bid/67106"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2183-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2014/dsa-2915"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/67106"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2183-1"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2011-0402

Vulnerability from fkie_nvd - Published: 2011-01-11 03:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via a symlink attack on unspecified files in the .pc directory.
References
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2011-January/053306.html
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2011-January/053311.html
cve@mitre.orghttp://osvdb.org/70367
cve@mitre.orghttp://secunia.com/advisories/42826Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/42831Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/43054
cve@mitre.orghttp://www.debian.org/security/2011/dsa-2142
cve@mitre.orghttp://www.securityfocus.com/bid/45703
cve@mitre.orghttp://www.ubuntu.com/usn/USN-1038-1
cve@mitre.orghttp://www.vupen.com/english/advisories/2011/0040Vendor Advisory
cve@mitre.orghttp://www.vupen.com/english/advisories/2011/0044Vendor Advisory
cve@mitre.orghttp://www.vupen.com/english/advisories/2011/0196
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/64614
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053306.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053311.html
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/70367
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/42826Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/42831Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/43054
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2011/dsa-2142
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/45703
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1038-1
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0040Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0044Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0196
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/64614
Impacted products
Vendor Product Version
debian dpkg *
debian dpkg 1.9.19
debian dpkg 1.9.20
debian dpkg 1.9.21
debian dpkg 1.10
debian dpkg 1.10.1
debian dpkg 1.10.2
debian dpkg 1.10.3
debian dpkg 1.10.4
debian dpkg 1.10.5
debian dpkg 1.10.6
debian dpkg 1.10.7
debian dpkg 1.10.8
debian dpkg 1.10.9
debian dpkg 1.10.10
debian dpkg 1.10.11
debian dpkg 1.10.12
debian dpkg 1.10.13
debian dpkg 1.10.14
debian dpkg 1.10.15
debian dpkg 1.10.16
debian dpkg 1.10.17
debian dpkg 1.10.18
debian dpkg 1.10.18.1
debian dpkg 1.10.19
debian dpkg 1.10.20
debian dpkg 1.10.21
debian dpkg 1.10.22
debian dpkg 1.10.23
debian dpkg 1.10.24
debian dpkg 1.10.25
debian dpkg 1.10.26
debian dpkg 1.10.27
debian dpkg 1.10.28
debian dpkg 1.13.0
debian dpkg 1.13.1
debian dpkg 1.13.2
debian dpkg 1.13.3
debian dpkg 1.13.4
debian dpkg 1.13.5
debian dpkg 1.13.6
debian dpkg 1.13.7
debian dpkg 1.13.8
debian dpkg 1.13.9
debian dpkg 1.13.10
debian dpkg 1.13.11
debian dpkg 1.13.11.1
debian dpkg 1.13.12
debian dpkg 1.13.13
debian dpkg 1.13.14
debian dpkg 1.13.15
debian dpkg 1.13.16
debian dpkg 1.13.17
debian dpkg 1.13.18
debian dpkg 1.13.19
debian dpkg 1.13.20
debian dpkg 1.13.21
debian dpkg 1.13.22
debian dpkg 1.13.23
debian dpkg 1.13.24
debian dpkg 1.13.25
debian dpkg 1.14.0
debian dpkg 1.14.1
debian dpkg 1.14.2
debian dpkg 1.14.3
debian dpkg 1.14.4
debian dpkg 1.14.5
debian dpkg 1.14.6
debian dpkg 1.14.7
debian dpkg 1.14.8
debian dpkg 1.14.9
debian dpkg 1.14.10
debian dpkg 1.14.11
debian dpkg 1.14.12
debian dpkg 1.14.13
debian dpkg 1.14.14
debian dpkg 1.14.15
debian dpkg 1.14.16
debian dpkg 1.14.16.1
debian dpkg 1.14.16.2
debian dpkg 1.14.16.3
debian dpkg 1.14.16.4
debian dpkg 1.14.16.5
debian dpkg 1.14.16.6
debian dpkg 1.14.17
debian dpkg 1.14.18
debian dpkg 1.14.19
debian dpkg 1.14.20
debian dpkg 1.14.21
debian dpkg 1.14.22
debian dpkg 1.14.23
debian dpkg 1.14.24
debian dpkg 1.14.25
debian dpkg 1.14.26
debian dpkg 1.14.27
debian dpkg 1.14.28
debian dpkg 1.14.29
debian dpkg 1.15.0
debian dpkg 1.15.1
debian dpkg 1.15.2
debian dpkg 1.15.3
debian dpkg 1.15.3.1
debian dpkg 1.15.4
debian dpkg 1.15.4.1
debian dpkg 1.15.5
debian dpkg 1.15.5.1
debian dpkg 1.15.5.2
debian dpkg 1.15.5.3
debian dpkg 1.15.5.4
debian dpkg 1.15.5.5
debian dpkg 1.15.5.6
debian dpkg 1.15.6
debian dpkg 1.15.6.1
debian dpkg 1.15.7
debian dpkg 1.15.7.1
debian dpkg 1.15.7.2
debian dpkg 1.15.8
debian dpkg 1.15.8.1
debian dpkg 1.15.8.2
debian dpkg 1.15.8.3
debian dpkg 1.15.8.4
debian dpkg 1.15.8.5
debian dpkg 1.15.8.6
debian dpkg 1.15.8.7
debian dpkg 1.15.8.8
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:debian:dpkg:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8532266-01AA-414B-A29B-8219855F1E34",
              "versionEndIncluding": "1.14.30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.9.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "C682EF47-BF0A-4B48-A1D1-A55A9ECA7F33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.9.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "717F6453-69FA-426C-9346-CD7BEDE9C60B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.9.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3122762-BEF0-4988-BED9-4D8592C24CEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D9E2515-E79D-4237-97E9-D5BA35A5F4F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9562A87-9464-4203-8360-58E9A7E495FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4989628B-306C-4E03-A64E-718C4FF2778F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CB0B1D3-632D-442B-8B83-92591CD80A33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DFADCC1-6162-482F-971A-04041715E562",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "52270405-2AC2-41B7-B07A-42763993D587",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C4C5026-D1BD-490A-9C3B-526BDBD9F2BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F63A530D-1DB8-4AB4-A62D-BB73BDA6A96B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FE83D2A-D1F7-460F-AFFA-45D635D23B78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DA52B75-0BE4-4647-A02E-6C01FF15DD0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "7306A247-0AAE-43E7-A9E0-CE224A1B239B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8347AB5F-5194-4B96-A8E7-9EE51B82C8E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "A48A99CC-0F6E-49F4-99C5-8647A66A5B41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "C844AC14-2ECA-45AB-B9A1-44CF626143BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "466B21B4-DF59-4B55-8778-BD674A137F9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C69AA54-AC53-4A10-8ED4-C426F4C37305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC00A088-B0AC-4CCD-8EAE-31D4DB6372B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4C34F7E-91AD-4009-A86B-E3C42533C67D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "840FA75D-5AFC-4011-AA2C-A851763A8E86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DDF073B-7437-4700-A5BD-B47CF1163302",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "03D44007-FEEB-4A1E-BBEA-A8F9337ABE6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "756ED650-7FBF-47D5-800D-B7CDCE98DB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4047BBD-BC04-4CB1-A499-D2B8D3FE6B56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "72E88290-55F4-4177-85F1-7ACBADEB6D6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "17561362-F579-4C4A-B706-E7BFD4B4D005",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2C3A554-49D3-4AA0-AF85-A503288EDA7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "DABD98F8-3512-4F83-BEA8-29787378990B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "33AE89EC-30B6-4B2C-BB7D-105C7BA31673",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "675635B9-B25D-4A6A-B990-F3347D76AF56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5591746-1BF7-41C2-8078-0CA13BA4FDE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9EDAF7A-A7EF-4FA2-AB0F-1B617311F6CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F6B0569-44FC-420E-BAF5-08149463D994",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECE641CD-FD8B-4B09-A738-46795F9CB9AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAE98EF7-E1D0-460D-971D-F460494BB271",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B55AEF9-3375-4E2D-9A5C-BC88626A4977",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9734B69-76A9-43A9-96F5-7551DFE691E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "38087DB8-ABB3-49F8-98B8-1C36BC588D59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "48585882-3F63-4CBE-9C82-8E33F52F86C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA224D00-B0BE-4CCC-A221-9BE93AE5F453",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "87362BEE-E7B5-4390-9226-6C97F4C82E5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "588BCD31-3824-40F9-8BE2-C63F6A40E970",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "583BE1D2-6A50-4477-AD01-EA471B339F7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D64BC1C-4281-46E8-B6DD-20D09EB5DC59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8252FED-9D03-4224-ABB2-6E86E1278ECA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D013303-0BEA-44AE-A395-343EF27D207E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "45FF0360-F1FE-4C59-829E-544D9CCE6673",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "18BE27E1-F670-41B8-A5C5-4C28C94D3826",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BAEB637-6349-4452-B619-7080843E1A39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "698F4BA9-A8AD-4487-8989-5E41D80A162B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B458153-71BE-4EDF-950D-055D9A3D1E10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A4DC29D-F36D-4B02-BDA8-F0316948BBD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D46650E-EDE7-48B0-841D-CC0D45B92FD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D9D843A-4EA7-4B6D-BA62-A8C1C300F47A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "5635A041-FBFB-411B-95F4-1A11248D4FE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "090CD311-7B97-4E69-B2CA-6ED9FCBEDFDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9C17AEE-408E-4D57-B5A8-027FEC9AD144",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "0431871F-39C5-4707-BE53-FAC9E9882170",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "838E9A96-BA10-4A4A-AA41-EC025CCD07E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "94EAFE0A-0A9D-4F9D-BB7F-F4C10797F463",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AB4FDA2-5729-4964-B48F-01DBC26DAEA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D08D336-460B-4153-B747-B1F116065DE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D68401F3-1AF2-4FB5-916E-F40FB6E0DD1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "56DC7349-C57C-47EB-BE92-3BE4719A32F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED090E5E-772F-44B5-86F6-D2388D431055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "526B3511-D083-4153-9DB8-6B8C62426876",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB46B910-10AC-4B06-AC90-5E281AFF445E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC3A73DC-EE37-41DF-A939-4631A3D1F401",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "95E37212-1BC4-44F5-AFEE-BF706FF9F771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "467A1EF6-2E3C-4786-82BD-687EB44B5541",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8096535-AF94-44E3-8266-006FDB84092B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0F65E09-7A40-45E2-BEB1-E11B694E7957",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "50FFCFA9-67A9-4502-AD48-2A1CFB6D12D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "C610809C-7C63-427B-9910-F6F0090B34A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA5A449F-B9B6-41DB-91B6-E75ABADFB835",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6848180-B565-4DC0-87AB-84DF4BF51F93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3070BF5-18C4-4ECD-8795-C569254F4E79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.16.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "355873B5-FEB9-4FAB-BE8B-8D56C9990F0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.16.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0355952-8254-477D-BE82-37ED064F5A4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.16.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0AA3EC2-4936-4F29-8885-377906DA346C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.16.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB4503AF-3941-4318-AAE9-38EF578361EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "958C20C5-3502-417B-8AF4-3E7E43919672",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F9F52F6-DCF1-466E-8F28-77061513DEDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "126BF92A-9767-4A6C-985B-DB6C99E090B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "69991FEF-82C9-4760-8623-B1A47348DD75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF95E1AA-1A05-4F97-8AAA-C815EE3994BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D6200AF-7734-422C-9059-652A4530EFE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5073553-FB4D-4BF1-B3BA-B5CC2B3F45E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "D26FA5D0-F06B-414F-9F65-D5821365DA18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "A61614F0-B814-4367-A12B-22806A65E8A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "0970B646-A060-452C-9473-28A87603DA9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "093DF5AF-8AEA-48DF-B8AF-2357B7C5C4DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3AF0ABA-6A1A-474F-95FB-E155209EDB00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BEB1D72-CC33-4C68-810E-C10DFF83504B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D266110F-6EDD-4570-8B5C-BB6A620D7510",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5489857D-D325-41D1-991C-1664EB63CF2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF34E4C1-9160-4052-951A-D08835024AC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "30E46BF1-5BC3-429B-9A16-2F95620A8FE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7B3327F-8A47-4D13-A48A-3157B6318F9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "90246AB1-F0C4-432B-AA2D-A644084C0C74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "44EAC604-FF3B-470A-9413-EBAC32DC1322",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "84E9FBA6-6418-448F-800E-970C9D08877F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "98521A64-4E54-472F-AC7C-73005551CEA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "421D9F1E-EF92-47E3-98D6-8C824862F7A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D85C04B-FC70-41BD-8994-B7C1AF6048BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAFD7DD4-555B-4757-B459-01B9D915A9B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2C7B906-87E1-44F3-AF35-5BFEF574F180",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0984921F-8EAB-4740-B2CC-4269C4CF6C93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F48CB557-229E-4BA5-84C6-DBEA06552D96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F27F9EA-226F-450F-A181-F100E49A90B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED9E199F-1994-4C5C-B8DB-D6002FD95AE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "419D7AA6-745E-4254-9743-6AC136DB1893",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F1F3BE1-30BA-4780-9924-D5B0E4F50EAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BFBE00A-3FB7-4D10-807C-67CA59B91044",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E486ABD-DD1D-43A9-9783-894694E0F14C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "87DEA4E0-8BF1-4558-88F3-D3F3D8161287",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1405C137-D923-436C-A006-F232961BAB24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD929336-FAFB-480C-8CD1-3264C3BE529B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F2B117A-2746-458B-AB77-37EB40646482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD8A1B4A-59D3-4D0F-80CC-7D8F94B5699E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A12559EE-7FAC-4C21-99CC-D076E98CA137",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B7B48B-B915-43D7-9AE4-EA1322925EDE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via a symlink attack on unspecified files in the .pc directory."
    },
    {
      "lang": "es",
      "value": "dpkg-source de dpkg en versiones anteriores a la 1.14.31 y 1.15.x permite a atacantes remotos asistidos por el usuario modificar archivos de su elecci\u00f3n a trav\u00e9s de un ataque symlink en ficheros espec\u00edficos del directorio .pc."
    }
  ],
  "id": "CVE-2011-0402",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-01-11T03:00:05.423",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053306.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053311.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/70367"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42826"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42831"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/43054"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2011/dsa-2142"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/45703"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-1038-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0040"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0044"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2011/0196"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64614"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053306.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053311.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/70367"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42826"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42831"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/43054"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2011/dsa-2142"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/45703"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1038-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0040"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0044"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/0196"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64614"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2010-1679

Vulnerability from fkie_nvd - Published: 2011-01-11 03:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
Directory traversal vulnerability in dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via directory traversal sequences in a patch for a source-format 3.0 package.
References
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2011-January/053306.html
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2011-January/053311.html
cve@mitre.orghttp://osvdb.org/70368
cve@mitre.orghttp://secunia.com/advisories/42826Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/42831Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/43054
cve@mitre.orghttp://www.debian.org/security/2011/dsa-2142Vendor Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/45703
cve@mitre.orghttp://www.ubuntu.com/usn/USN-1038-1
cve@mitre.orghttp://www.vupen.com/english/advisories/2011/0040Vendor Advisory
cve@mitre.orghttp://www.vupen.com/english/advisories/2011/0044Vendor Advisory
cve@mitre.orghttp://www.vupen.com/english/advisories/2011/0196
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/64615
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053306.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053311.html
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/70368
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/42826Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/42831Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/43054
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2011/dsa-2142Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/45703
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1038-1
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0040Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0044Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0196
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/64615
Impacted products
Vendor Product Version
debian dpkg *
debian dpkg 1.9.19
debian dpkg 1.9.20
debian dpkg 1.9.21
debian dpkg 1.10
debian dpkg 1.10.1
debian dpkg 1.10.2
debian dpkg 1.10.3
debian dpkg 1.10.4
debian dpkg 1.10.5
debian dpkg 1.10.6
debian dpkg 1.10.7
debian dpkg 1.10.8
debian dpkg 1.10.9
debian dpkg 1.10.10
debian dpkg 1.10.11
debian dpkg 1.10.12
debian dpkg 1.10.13
debian dpkg 1.10.14
debian dpkg 1.10.15
debian dpkg 1.10.16
debian dpkg 1.10.17
debian dpkg 1.10.18
debian dpkg 1.10.18.1
debian dpkg 1.10.19
debian dpkg 1.10.20
debian dpkg 1.10.21
debian dpkg 1.10.22
debian dpkg 1.10.23
debian dpkg 1.10.24
debian dpkg 1.10.25
debian dpkg 1.10.26
debian dpkg 1.10.27
debian dpkg 1.10.28
debian dpkg 1.13.0
debian dpkg 1.13.1
debian dpkg 1.13.2
debian dpkg 1.13.3
debian dpkg 1.13.4
debian dpkg 1.13.5
debian dpkg 1.13.6
debian dpkg 1.13.7
debian dpkg 1.13.8
debian dpkg 1.13.9
debian dpkg 1.13.10
debian dpkg 1.13.11
debian dpkg 1.13.11.1
debian dpkg 1.13.12
debian dpkg 1.13.13
debian dpkg 1.13.14
debian dpkg 1.13.15
debian dpkg 1.13.16
debian dpkg 1.13.17
debian dpkg 1.13.18
debian dpkg 1.13.19
debian dpkg 1.13.20
debian dpkg 1.13.21
debian dpkg 1.13.22
debian dpkg 1.13.23
debian dpkg 1.13.24
debian dpkg 1.13.25
debian dpkg 1.14.0
debian dpkg 1.14.1
debian dpkg 1.14.2
debian dpkg 1.14.3
debian dpkg 1.14.4
debian dpkg 1.14.5
debian dpkg 1.14.6
debian dpkg 1.14.7
debian dpkg 1.14.8
debian dpkg 1.14.9
debian dpkg 1.14.10
debian dpkg 1.14.11
debian dpkg 1.14.12
debian dpkg 1.14.13
debian dpkg 1.14.14
debian dpkg 1.14.15
debian dpkg 1.14.16
debian dpkg 1.14.16.1
debian dpkg 1.14.16.2
debian dpkg 1.14.16.3
debian dpkg 1.14.16.4
debian dpkg 1.14.16.5
debian dpkg 1.14.16.6
debian dpkg 1.14.17
debian dpkg 1.14.18
debian dpkg 1.14.19
debian dpkg 1.14.20
debian dpkg 1.14.21
debian dpkg 1.14.22
debian dpkg 1.14.23
debian dpkg 1.14.24
debian dpkg 1.14.25
debian dpkg 1.14.26
debian dpkg 1.14.27
debian dpkg 1.14.28
debian dpkg 1.14.29
debian dpkg 1.15.0
debian dpkg 1.15.1
debian dpkg 1.15.2
debian dpkg 1.15.3
debian dpkg 1.15.3.1
debian dpkg 1.15.4
debian dpkg 1.15.4.1
debian dpkg 1.15.5
debian dpkg 1.15.5.1
debian dpkg 1.15.5.2
debian dpkg 1.15.5.3
debian dpkg 1.15.5.4
debian dpkg 1.15.5.5
debian dpkg 1.15.5.6
debian dpkg 1.15.6
debian dpkg 1.15.6.1
debian dpkg 1.15.7
debian dpkg 1.15.7.1
debian dpkg 1.15.7.2
debian dpkg 1.15.8
debian dpkg 1.15.8.1
debian dpkg 1.15.8.2
debian dpkg 1.15.8.3
debian dpkg 1.15.8.4
debian dpkg 1.15.8.5
debian dpkg 1.15.8.6
debian dpkg 1.15.8.7
debian dpkg 1.15.8.8
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:debian:dpkg:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8532266-01AA-414B-A29B-8219855F1E34",
              "versionEndIncluding": "1.14.30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.9.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "C682EF47-BF0A-4B48-A1D1-A55A9ECA7F33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.9.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "717F6453-69FA-426C-9346-CD7BEDE9C60B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.9.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3122762-BEF0-4988-BED9-4D8592C24CEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D9E2515-E79D-4237-97E9-D5BA35A5F4F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9562A87-9464-4203-8360-58E9A7E495FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4989628B-306C-4E03-A64E-718C4FF2778F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CB0B1D3-632D-442B-8B83-92591CD80A33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DFADCC1-6162-482F-971A-04041715E562",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "52270405-2AC2-41B7-B07A-42763993D587",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C4C5026-D1BD-490A-9C3B-526BDBD9F2BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F63A530D-1DB8-4AB4-A62D-BB73BDA6A96B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FE83D2A-D1F7-460F-AFFA-45D635D23B78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DA52B75-0BE4-4647-A02E-6C01FF15DD0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "7306A247-0AAE-43E7-A9E0-CE224A1B239B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8347AB5F-5194-4B96-A8E7-9EE51B82C8E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "A48A99CC-0F6E-49F4-99C5-8647A66A5B41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "C844AC14-2ECA-45AB-B9A1-44CF626143BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "466B21B4-DF59-4B55-8778-BD674A137F9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C69AA54-AC53-4A10-8ED4-C426F4C37305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC00A088-B0AC-4CCD-8EAE-31D4DB6372B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4C34F7E-91AD-4009-A86B-E3C42533C67D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "840FA75D-5AFC-4011-AA2C-A851763A8E86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DDF073B-7437-4700-A5BD-B47CF1163302",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "03D44007-FEEB-4A1E-BBEA-A8F9337ABE6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "756ED650-7FBF-47D5-800D-B7CDCE98DB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4047BBD-BC04-4CB1-A499-D2B8D3FE6B56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "72E88290-55F4-4177-85F1-7ACBADEB6D6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "17561362-F579-4C4A-B706-E7BFD4B4D005",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2C3A554-49D3-4AA0-AF85-A503288EDA7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "DABD98F8-3512-4F83-BEA8-29787378990B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "33AE89EC-30B6-4B2C-BB7D-105C7BA31673",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "675635B9-B25D-4A6A-B990-F3347D76AF56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.10.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5591746-1BF7-41C2-8078-0CA13BA4FDE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9EDAF7A-A7EF-4FA2-AB0F-1B617311F6CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F6B0569-44FC-420E-BAF5-08149463D994",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECE641CD-FD8B-4B09-A738-46795F9CB9AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAE98EF7-E1D0-460D-971D-F460494BB271",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B55AEF9-3375-4E2D-9A5C-BC88626A4977",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9734B69-76A9-43A9-96F5-7551DFE691E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "38087DB8-ABB3-49F8-98B8-1C36BC588D59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "48585882-3F63-4CBE-9C82-8E33F52F86C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA224D00-B0BE-4CCC-A221-9BE93AE5F453",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "87362BEE-E7B5-4390-9226-6C97F4C82E5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "588BCD31-3824-40F9-8BE2-C63F6A40E970",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "583BE1D2-6A50-4477-AD01-EA471B339F7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D64BC1C-4281-46E8-B6DD-20D09EB5DC59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8252FED-9D03-4224-ABB2-6E86E1278ECA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D013303-0BEA-44AE-A395-343EF27D207E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "45FF0360-F1FE-4C59-829E-544D9CCE6673",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "18BE27E1-F670-41B8-A5C5-4C28C94D3826",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BAEB637-6349-4452-B619-7080843E1A39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "698F4BA9-A8AD-4487-8989-5E41D80A162B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B458153-71BE-4EDF-950D-055D9A3D1E10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A4DC29D-F36D-4B02-BDA8-F0316948BBD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D46650E-EDE7-48B0-841D-CC0D45B92FD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D9D843A-4EA7-4B6D-BA62-A8C1C300F47A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "5635A041-FBFB-411B-95F4-1A11248D4FE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "090CD311-7B97-4E69-B2CA-6ED9FCBEDFDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9C17AEE-408E-4D57-B5A8-027FEC9AD144",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.13.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "0431871F-39C5-4707-BE53-FAC9E9882170",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "838E9A96-BA10-4A4A-AA41-EC025CCD07E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "94EAFE0A-0A9D-4F9D-BB7F-F4C10797F463",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AB4FDA2-5729-4964-B48F-01DBC26DAEA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D08D336-460B-4153-B747-B1F116065DE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D68401F3-1AF2-4FB5-916E-F40FB6E0DD1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "56DC7349-C57C-47EB-BE92-3BE4719A32F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED090E5E-772F-44B5-86F6-D2388D431055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "526B3511-D083-4153-9DB8-6B8C62426876",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB46B910-10AC-4B06-AC90-5E281AFF445E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC3A73DC-EE37-41DF-A939-4631A3D1F401",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "95E37212-1BC4-44F5-AFEE-BF706FF9F771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "467A1EF6-2E3C-4786-82BD-687EB44B5541",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8096535-AF94-44E3-8266-006FDB84092B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0F65E09-7A40-45E2-BEB1-E11B694E7957",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "50FFCFA9-67A9-4502-AD48-2A1CFB6D12D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "C610809C-7C63-427B-9910-F6F0090B34A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA5A449F-B9B6-41DB-91B6-E75ABADFB835",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6848180-B565-4DC0-87AB-84DF4BF51F93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3070BF5-18C4-4ECD-8795-C569254F4E79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.16.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "355873B5-FEB9-4FAB-BE8B-8D56C9990F0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.16.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0355952-8254-477D-BE82-37ED064F5A4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.16.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0AA3EC2-4936-4F29-8885-377906DA346C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.16.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB4503AF-3941-4318-AAE9-38EF578361EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "958C20C5-3502-417B-8AF4-3E7E43919672",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F9F52F6-DCF1-466E-8F28-77061513DEDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "126BF92A-9767-4A6C-985B-DB6C99E090B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "69991FEF-82C9-4760-8623-B1A47348DD75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF95E1AA-1A05-4F97-8AAA-C815EE3994BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D6200AF-7734-422C-9059-652A4530EFE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5073553-FB4D-4BF1-B3BA-B5CC2B3F45E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "D26FA5D0-F06B-414F-9F65-D5821365DA18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "A61614F0-B814-4367-A12B-22806A65E8A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "0970B646-A060-452C-9473-28A87603DA9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "093DF5AF-8AEA-48DF-B8AF-2357B7C5C4DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3AF0ABA-6A1A-474F-95FB-E155209EDB00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.14.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BEB1D72-CC33-4C68-810E-C10DFF83504B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D266110F-6EDD-4570-8B5C-BB6A620D7510",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5489857D-D325-41D1-991C-1664EB63CF2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF34E4C1-9160-4052-951A-D08835024AC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "30E46BF1-5BC3-429B-9A16-2F95620A8FE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7B3327F-8A47-4D13-A48A-3157B6318F9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "90246AB1-F0C4-432B-AA2D-A644084C0C74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "44EAC604-FF3B-470A-9413-EBAC32DC1322",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "84E9FBA6-6418-448F-800E-970C9D08877F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "98521A64-4E54-472F-AC7C-73005551CEA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "421D9F1E-EF92-47E3-98D6-8C824862F7A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D85C04B-FC70-41BD-8994-B7C1AF6048BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAFD7DD4-555B-4757-B459-01B9D915A9B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2C7B906-87E1-44F3-AF35-5BFEF574F180",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0984921F-8EAB-4740-B2CC-4269C4CF6C93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F48CB557-229E-4BA5-84C6-DBEA06552D96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F27F9EA-226F-450F-A181-F100E49A90B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED9E199F-1994-4C5C-B8DB-D6002FD95AE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "419D7AA6-745E-4254-9743-6AC136DB1893",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F1F3BE1-30BA-4780-9924-D5B0E4F50EAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BFBE00A-3FB7-4D10-807C-67CA59B91044",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E486ABD-DD1D-43A9-9783-894694E0F14C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "87DEA4E0-8BF1-4558-88F3-D3F3D8161287",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1405C137-D923-436C-A006-F232961BAB24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD929336-FAFB-480C-8CD1-3264C3BE529B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F2B117A-2746-458B-AB77-37EB40646482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD8A1B4A-59D3-4D0F-80CC-7D8F94B5699E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A12559EE-7FAC-4C21-99CC-D076E98CA137",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:dpkg:1.15.8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B7B48B-B915-43D7-9AE4-EA1322925EDE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via directory traversal sequences in a patch for a source-format 3.0 package."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de salto de directorio en dpkg-source en dpkg anterior a v1.14.31 y v1.15.x, permite a atacantes remotos asistidos por el usuario modificar archivos de su elecci\u00f3n a trav\u00e9s de secuencias de salto de directorio en un parche para un paquete en formato fuente 3.0."
    }
  ],
  "id": "CVE-2010-1679",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-01-11T03:00:01.750",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053306.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053311.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/70368"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42826"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42831"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/43054"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2011/dsa-2142"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/45703"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-1038-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0040"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0044"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2011/0196"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64615"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053306.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053311.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/70368"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42826"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42831"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/43054"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2011/dsa-2142"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/45703"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1038-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0040"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0044"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/0196"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64615"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2025-6297 (GCVE-0-2025-6297)

Vulnerability from cvelistv5 – Published: 2025-07-01 16:16 – Updated: 2025-07-01 17:30
VLAI?
Title
dpkg-deb: Fix cleanup for control member with restricted directories
Summary
It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions.
Severity ?
8.2 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
CWE
  • CWE-732 - Incorrect Permission Assignment for Critical Resource
  • CWE-400 - Uncontrolled Resource Consumption
Assigner
References
Impacted products
Vendor Product Version
Debian dpkg Affected: 0 , < ed6bbd445dd8800308c67236ba35d08004c98e82 (custom)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 8.2,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-6297",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-01T17:30:21.146019Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-732",
                "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
                "lang": "en",
                "type": "CWE"
              }
            ]
          },
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-01T17:30:37.332Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "dpkg",
          "vendor": "Debian",
          "versions": [
            {
              "lessThan": "ed6bbd445dd8800308c67236ba35d08004c98e82",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is\ndocumented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on\nadversarial .deb packages or with well compressible files, placed\ninside a directory with permissions not allowing removal by a non-root\nuser, this can end up in a DoS scenario due to causing disk quota\nexhaustion or disk full conditions.\u003cbr\u003e"
            }
          ],
          "value": "It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is\ndocumented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on\nadversarial .deb packages or with well compressible files, placed\ninside a directory with permissions not allowing removal by a non-root\nuser, this can end up in a DoS scenario due to causing disk quota\nexhaustion or disk full conditions."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-01T17:21:05.050Z",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=ed6bbd445dd8800308c67236ba35d08004c98e82"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "dpkg-deb: Fix cleanup for control member with restricted directories",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2025-6297",
    "datePublished": "2025-07-01T16:16:54.624Z",
    "dateReserved": "2025-06-19T07:40:18.350Z",
    "dateUpdated": "2025-07-01T17:30:37.332Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-1664 (GCVE-0-2022-1664)

Vulnerability from cvelistv5 – Published: 2022-05-26 08:20 – Updated: 2024-09-17 02:16
VLAI?
Title
directory traversal for in-place extracts with untrusted v2 and v3 source packages with debian.tar
Summary
Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs.
Severity ?
No CVSS data available.
CWE
  • directory traversal
Assigner
References
Impacted products
Vendor Product Version
Debian dpkg Affected: 1.14.17 , < 1.21.8 (custom)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:10:03.819Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=7a6c03cb34d4a09f35df2f10779cbf1b70a5200b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=58814cacee39c4ce9e2cd0e3a3b9b57ad437eff5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=1f23dddc17f69c9598477098c7fb9936e15fa495"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=faa4c92debe45412bfcf8a44f26e827800bb24be"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-security-announce/2022/msg00115.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00033.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20221007-0002/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "dpkg",
          "vendor": "Debian",
          "versions": [
            {
              "changes": [
                {
                  "at": "1.20.10",
                  "status": "unaffected"
                },
                {
                  "at": "1.19.8",
                  "status": "unaffected"
                },
                {
                  "at": "1.18.26",
                  "status": "unaffected"
                }
              ],
              "lessThan": "1.21.8",
              "status": "affected",
              "version": "1.14.17",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-05-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "directory traversal",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-07T00:00:00",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=7a6c03cb34d4a09f35df2f10779cbf1b70a5200b"
        },
        {
          "url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=58814cacee39c4ce9e2cd0e3a3b9b57ad437eff5"
        },
        {
          "url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=1f23dddc17f69c9598477098c7fb9936e15fa495"
        },
        {
          "url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=faa4c92debe45412bfcf8a44f26e827800bb24be"
        },
        {
          "url": "https://lists.debian.org/debian-security-announce/2022/msg00115.html"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00033.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20221007-0002/"
        }
      ],
      "source": {
        "advisory": "https://lists.debian.org/debian-security-announce/2022/msg00115.html",
        "defect": [
          "DSA-5147-1"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "directory traversal for in-place extracts with untrusted v2 and v3 source packages with debian.tar",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2022-1664",
    "datePublished": "2022-05-26T08:20:15.198129Z",
    "dateReserved": "2022-05-10T00:00:00",
    "dateUpdated": "2024-09-17T02:16:10.760Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-8283 (GCVE-0-2017-8283)

Vulnerability from cvelistv5 – Published: 2017-04-26 05:28 – Updated: 2024-08-05 16:34
VLAI?
Summary
dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:34:21.674Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "98064",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/98064"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2017/04/20/2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-04-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-05-01T09:57:02",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "98064",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/98064"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2017/04/20/2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-8283",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "98064",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/98064"
            },
            {
              "name": "http://www.openwall.com/lists/oss-security/2017/04/20/2",
              "refsource": "CONFIRM",
              "url": "http://www.openwall.com/lists/oss-security/2017/04/20/2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-8283",
    "datePublished": "2017-04-26T05:28:00",
    "dateReserved": "2017-04-25T00:00:00",
    "dateUpdated": "2024-08-05T16:34:21.674Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-0860 (GCVE-0-2015-0860)

Vulnerability from cvelistv5 – Published: 2015-12-03 20:00 – Updated: 2024-08-06 04:26
VLAI?
Summary
Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which triggers a stack-based buffer overflow.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:26:11.051Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798324"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://anonscm.debian.org/cgit/dpkg/dpkg.git/commit/dpkg-deb/extract.c?id=e65aa3db04eb908c9507d5d356a95cedb890814d"
          },
          {
            "name": "GLSA-201612-07",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201612-07"
          },
          {
            "name": "DSA-3407",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3407"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blog.fuzzing-project.org/30-Stack-overflows-and-out-of-bounds-read-in-dpkg-Debian.html"
          },
          {
            "name": "USN-2820-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2820-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-11-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an \"old-style\" Debian binary package, which triggers a stack-based buffer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-06-30T16:57:01",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798324"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://anonscm.debian.org/cgit/dpkg/dpkg.git/commit/dpkg-deb/extract.c?id=e65aa3db04eb908c9507d5d356a95cedb890814d"
        },
        {
          "name": "GLSA-201612-07",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201612-07"
        },
        {
          "name": "DSA-3407",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3407"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blog.fuzzing-project.org/30-Stack-overflows-and-out-of-bounds-read-in-dpkg-Debian.html"
        },
        {
          "name": "USN-2820-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2820-1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2015-0860",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an \"old-style\" Debian binary package, which triggers a stack-based buffer overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798324",
              "refsource": "CONFIRM",
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798324"
            },
            {
              "name": "https://anonscm.debian.org/cgit/dpkg/dpkg.git/commit/dpkg-deb/extract.c?id=e65aa3db04eb908c9507d5d356a95cedb890814d",
              "refsource": "CONFIRM",
              "url": "https://anonscm.debian.org/cgit/dpkg/dpkg.git/commit/dpkg-deb/extract.c?id=e65aa3db04eb908c9507d5d356a95cedb890814d"
            },
            {
              "name": "GLSA-201612-07",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201612-07"
            },
            {
              "name": "DSA-3407",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3407"
            },
            {
              "name": "https://blog.fuzzing-project.org/30-Stack-overflows-and-out-of-bounds-read-in-dpkg-Debian.html",
              "refsource": "MISC",
              "url": "https://blog.fuzzing-project.org/30-Stack-overflows-and-out-of-bounds-read-in-dpkg-Debian.html"
            },
            {
              "name": "USN-2820-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2820-1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2015-0860",
    "datePublished": "2015-12-03T20:00:00",
    "dateReserved": "2015-01-07T00:00:00",
    "dateUpdated": "2024-08-06T04:26:11.051Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-0840 (GCVE-0-2015-0840)

Vulnerability from cvelistv5 – Published: 2015-04-13 14:00 – Updated: 2024-08-06 04:26
VLAI?
Summary
The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc).
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.ubuntu.com/usn/USN-2566-1 vendor-advisoryx_refsource_UBUNTU
http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
http://lists.opensuse.org/opensuse-updates/2015-0… vendor-advisoryx_refsource_SUSE
http://www.debian.org/security/2015/dsa-3217 vendor-advisoryx_refsource_DEBIAN
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:26:10.605Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-2566-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2566-1"
          },
          {
            "name": "FEDORA-2015-6974",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157387.html"
          },
          {
            "name": "openSUSE-SU-2015:1058",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-06/msg00029.html"
          },
          {
            "name": "DSA-3217",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3217"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-04-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-30T15:57:01",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "name": "USN-2566-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2566-1"
        },
        {
          "name": "FEDORA-2015-6974",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157387.html"
        },
        {
          "name": "openSUSE-SU-2015:1058",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-06/msg00029.html"
        },
        {
          "name": "DSA-3217",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3217"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2015-0840",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-2566-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2566-1"
            },
            {
              "name": "FEDORA-2015-6974",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157387.html"
            },
            {
              "name": "openSUSE-SU-2015:1058",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2015-06/msg00029.html"
            },
            {
              "name": "DSA-3217",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3217"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2015-0840",
    "datePublished": "2015-04-13T14:00:00",
    "dateReserved": "2015-01-07T00:00:00",
    "dateUpdated": "2024-08-06T04:26:10.605Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-8625 (GCVE-0-2014-8625)

Vulnerability from cvelistv5 – Published: 2015-01-20 15:00 – Updated: 2024-08-06 13:26
VLAI?
Summary
Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:26:02.476Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20141106 Re: CVE-Request: dpkg handling of \u0027control\u0027 and warnings format string vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://seclists.org/oss-sec/2014/q4/551"
          },
          {
            "name": "dpkg-format-sting(98551)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98551"
          },
          {
            "name": "FEDORA-2015-6974",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157387.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768485"
          },
          {
            "name": "[oss-security] 20141106 CVE-Request: dpkg handling of \u0027control\u0027 and warnings format string vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://seclists.org/oss-sec/2014/q4/539"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/1389135"
          },
          {
            "name": "[oss-security] 20141106 Re: CVE-Request: dpkg handling of \u0027control\u0027 and warnings format string vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://seclists.org/oss-sec/2014/q4/622"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-11-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-07T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[oss-security] 20141106 Re: CVE-Request: dpkg handling of \u0027control\u0027 and warnings format string vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://seclists.org/oss-sec/2014/q4/551"
        },
        {
          "name": "dpkg-format-sting(98551)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98551"
        },
        {
          "name": "FEDORA-2015-6974",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157387.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768485"
        },
        {
          "name": "[oss-security] 20141106 CVE-Request: dpkg handling of \u0027control\u0027 and warnings format string vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://seclists.org/oss-sec/2014/q4/539"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/1389135"
        },
        {
          "name": "[oss-security] 20141106 Re: CVE-Request: dpkg handling of \u0027control\u0027 and warnings format string vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://seclists.org/oss-sec/2014/q4/622"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-8625",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20141106 Re: CVE-Request: dpkg handling of \u0027control\u0027 and warnings format string vulnerability",
              "refsource": "MLIST",
              "url": "http://seclists.org/oss-sec/2014/q4/551"
            },
            {
              "name": "dpkg-format-sting(98551)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98551"
            },
            {
              "name": "FEDORA-2015-6974",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157387.html"
            },
            {
              "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768485",
              "refsource": "CONFIRM",
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768485"
            },
            {
              "name": "[oss-security] 20141106 CVE-Request: dpkg handling of \u0027control\u0027 and warnings format string vulnerability",
              "refsource": "MLIST",
              "url": "http://seclists.org/oss-sec/2014/q4/539"
            },
            {
              "name": "https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/1389135",
              "refsource": "CONFIRM",
              "url": "https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/1389135"
            },
            {
              "name": "[oss-security] 20141106 Re: CVE-Request: dpkg handling of \u0027control\u0027 and warnings format string vulnerability",
              "refsource": "MLIST",
              "url": "http://seclists.org/oss-sec/2014/q4/622"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-8625",
    "datePublished": "2015-01-20T15:00:00",
    "dateReserved": "2014-11-06T00:00:00",
    "dateUpdated": "2024-08-06T13:26:02.476Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-3227 (GCVE-0-2014-3227)

Vulnerability from cvelistv5 – Published: 2014-05-30 18:00 – Updated: 2024-08-06 10:35
VLAI?
Summary
dpkg 1.15.9, 1.16.x before 1.16.14, and 1.17.x before 1.17.9 expect the patch program to be compliant with a need for the "C-style encoded filenames" feature, but is supported in environments with noncompliant patch programs, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this vulnerability exists because of reliance on unrealistic constraints on the behavior of an external program.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:35:57.130Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20140529 Re: CVE request: another path traversal in dpkg-source during unpack",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2014/05/29/16"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306"
          },
          {
            "name": "[oss-security] 20140429 CVE request: directory traversal in DSA-2915-1-patched dpkg in Debian squeeze",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2014/04/29/4"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-04-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "dpkg 1.15.9, 1.16.x before 1.16.14, and 1.17.x before 1.17.9 expect the patch program to be compliant with a need for the \"C-style encoded filenames\" feature, but is supported in environments with noncompliant patch programs, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this vulnerability exists because of reliance on unrealistic constraints on the behavior of an external program."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-05-30T18:57:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[oss-security] 20140529 Re: CVE request: another path traversal in dpkg-source during unpack",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2014/05/29/16"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306"
        },
        {
          "name": "[oss-security] 20140429 CVE request: directory traversal in DSA-2915-1-patched dpkg in Debian squeeze",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2014/04/29/4"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-3227",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "dpkg 1.15.9, 1.16.x before 1.16.14, and 1.17.x before 1.17.9 expect the patch program to be compliant with a need for the \"C-style encoded filenames\" feature, but is supported in environments with noncompliant patch programs, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this vulnerability exists because of reliance on unrealistic constraints on the behavior of an external program."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20140529 Re: CVE request: another path traversal in dpkg-source during unpack",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2014/05/29/16"
            },
            {
              "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306",
              "refsource": "CONFIRM",
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306"
            },
            {
              "name": "[oss-security] 20140429 CVE request: directory traversal in DSA-2915-1-patched dpkg in Debian squeeze",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2014/04/29/4"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-3227",
    "datePublished": "2014-05-30T18:00:00",
    "dateReserved": "2014-05-06T00:00:00",
    "dateUpdated": "2024-08-06T10:35:57.130Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-3127 (GCVE-0-2014-3127)

Vulnerability from cvelistv5 – Published: 2014-05-14 00:00 – Updated: 2024-08-06 10:35
VLAI?
Summary
dpkg 1.15.9 on Debian squeeze introduces support for the "C-style encoded filenames" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this can be considered a release engineering problem in the effort to fix CVE-2014-0471.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:35:57.031Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://metadata.ftp-master.debian.org/changelogs//main/d/dpkg/dpkg_1.15.10_changelog"
          },
          {
            "name": "[oss-security] 20140429 CVE request: directory traversal in DSA-2915-1-patched dpkg in Debian squeeze",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://seclists.org/oss-sec/2014/q2/191"
          },
          {
            "name": "[oss-security] 20140501 Re: CVE request: directory traversal in DSA-2915-1-patched dpkg in Debian squeeze",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://seclists.org/oss-sec/2014/q2/227"
          },
          {
            "name": "67181",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/67181"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-04-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "dpkg 1.15.9 on Debian squeeze introduces support for the \"C-style encoded filenames\" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package.  NOTE: this can be considered a release engineering problem in the effort to fix CVE-2014-0471."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-05-30T17:57:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://metadata.ftp-master.debian.org/changelogs//main/d/dpkg/dpkg_1.15.10_changelog"
        },
        {
          "name": "[oss-security] 20140429 CVE request: directory traversal in DSA-2915-1-patched dpkg in Debian squeeze",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://seclists.org/oss-sec/2014/q2/191"
        },
        {
          "name": "[oss-security] 20140501 Re: CVE request: directory traversal in DSA-2915-1-patched dpkg in Debian squeeze",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://seclists.org/oss-sec/2014/q2/227"
        },
        {
          "name": "67181",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/67181"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-3127",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "dpkg 1.15.9 on Debian squeeze introduces support for the \"C-style encoded filenames\" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package.  NOTE: this can be considered a release engineering problem in the effort to fix CVE-2014-0471."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306",
              "refsource": "CONFIRM",
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306"
            },
            {
              "name": "http://metadata.ftp-master.debian.org/changelogs//main/d/dpkg/dpkg_1.15.10_changelog",
              "refsource": "CONFIRM",
              "url": "http://metadata.ftp-master.debian.org/changelogs//main/d/dpkg/dpkg_1.15.10_changelog"
            },
            {
              "name": "[oss-security] 20140429 CVE request: directory traversal in DSA-2915-1-patched dpkg in Debian squeeze",
              "refsource": "MLIST",
              "url": "http://seclists.org/oss-sec/2014/q2/191"
            },
            {
              "name": "[oss-security] 20140501 Re: CVE request: directory traversal in DSA-2915-1-patched dpkg in Debian squeeze",
              "refsource": "MLIST",
              "url": "http://seclists.org/oss-sec/2014/q2/227"
            },
            {
              "name": "67181",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/67181"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-3127",
    "datePublished": "2014-05-14T00:00:00",
    "dateReserved": "2014-04-29T00:00:00",
    "dateUpdated": "2024-08-06T10:35:57.031Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-0471 (GCVE-0-2014-0471)

Vulnerability from cvelistv5 – Published: 2014-04-30 14:00 – Updated: 2024-08-06 09:20
VLAI?
Summary
Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to "C-style filename quoting."
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.debian.org/security/2014/dsa-2915 vendor-advisoryx_refsource_DEBIAN
http://www.securityfocus.com/bid/67106 vdb-entryx_refsource_BID
http://www.ubuntu.com/usn/USN-2183-1 vendor-advisoryx_refsource_UBUNTU
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:20:17.946Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-2915",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-2915"
          },
          {
            "name": "67106",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/67106"
          },
          {
            "name": "USN-2183-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2183-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-04-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to \"C-style filename quoting.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-06-02T14:57:00",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "name": "DSA-2915",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-2915"
        },
        {
          "name": "67106",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/67106"
        },
        {
          "name": "USN-2183-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2183-1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2014-0471",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to \"C-style filename quoting.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-2915",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-2915"
            },
            {
              "name": "67106",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/67106"
            },
            {
              "name": "USN-2183-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2183-1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2014-0471",
    "datePublished": "2014-04-30T14:00:00",
    "dateReserved": "2013-12-19T00:00:00",
    "dateUpdated": "2024-08-06T09:20:17.946Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-1679 (GCVE-0-2010-1679)

Vulnerability from cvelistv5 – Published: 2011-01-11 01:00 – Updated: 2024-08-07 01:35
VLAI?
Summary
Directory traversal vulnerability in dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via directory traversal sequences in a patch for a source-format 3.0 package.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://secunia.com/advisories/42831 third-party-advisoryx_refsource_SECUNIA
http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
http://secunia.com/advisories/42826 third-party-advisoryx_refsource_SECUNIA
http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://www.ubuntu.com/usn/USN-1038-1 vendor-advisoryx_refsource_UBUNTU
http://www.vupen.com/english/advisories/2011/0040 vdb-entryx_refsource_VUPEN
http://www.securityfocus.com/bid/45703 vdb-entryx_refsource_BID
http://www.debian.org/security/2011/dsa-2142 vendor-advisoryx_refsource_DEBIAN
http://osvdb.org/70368 vdb-entryx_refsource_OSVDB
http://secunia.com/advisories/43054 third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2011/0044 vdb-entryx_refsource_VUPEN
http://www.vupen.com/english/advisories/2011/0196 vdb-entryx_refsource_VUPEN
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T01:35:52.662Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "42831",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42831"
          },
          {
            "name": "FEDORA-2011-0345",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053311.html"
          },
          {
            "name": "42826",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42826"
          },
          {
            "name": "FEDORA-2011-0362",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053306.html"
          },
          {
            "name": "dpkg-dpkgsource-directory-traversal(64615)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64615"
          },
          {
            "name": "USN-1038-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1038-1"
          },
          {
            "name": "ADV-2011-0040",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0040"
          },
          {
            "name": "45703",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/45703"
          },
          {
            "name": "DSA-2142",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2142"
          },
          {
            "name": "70368",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/70368"
          },
          {
            "name": "43054",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43054"
          },
          {
            "name": "ADV-2011-0044",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0044"
          },
          {
            "name": "ADV-2011-0196",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0196"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-01-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via directory traversal sequences in a patch for a source-format 3.0 package."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "42831",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42831"
        },
        {
          "name": "FEDORA-2011-0345",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053311.html"
        },
        {
          "name": "42826",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42826"
        },
        {
          "name": "FEDORA-2011-0362",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053306.html"
        },
        {
          "name": "dpkg-dpkgsource-directory-traversal(64615)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64615"
        },
        {
          "name": "USN-1038-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1038-1"
        },
        {
          "name": "ADV-2011-0040",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0040"
        },
        {
          "name": "45703",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/45703"
        },
        {
          "name": "DSA-2142",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2142"
        },
        {
          "name": "70368",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/70368"
        },
        {
          "name": "43054",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43054"
        },
        {
          "name": "ADV-2011-0044",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0044"
        },
        {
          "name": "ADV-2011-0196",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0196"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-1679",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via directory traversal sequences in a patch for a source-format 3.0 package."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "42831",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42831"
            },
            {
              "name": "FEDORA-2011-0345",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053311.html"
            },
            {
              "name": "42826",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42826"
            },
            {
              "name": "FEDORA-2011-0362",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053306.html"
            },
            {
              "name": "dpkg-dpkgsource-directory-traversal(64615)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64615"
            },
            {
              "name": "USN-1038-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1038-1"
            },
            {
              "name": "ADV-2011-0040",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0040"
            },
            {
              "name": "45703",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/45703"
            },
            {
              "name": "DSA-2142",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2011/dsa-2142"
            },
            {
              "name": "70368",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/70368"
            },
            {
              "name": "43054",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/43054"
            },
            {
              "name": "ADV-2011-0044",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0044"
            },
            {
              "name": "ADV-2011-0196",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0196"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-1679",
    "datePublished": "2011-01-11T01:00:00",
    "dateReserved": "2010-04-30T00:00:00",
    "dateUpdated": "2024-08-07T01:35:52.662Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-6297 (GCVE-0-2025-6297)

Vulnerability from nvd – Published: 2025-07-01 16:16 – Updated: 2025-07-01 17:30
VLAI?
Title
dpkg-deb: Fix cleanup for control member with restricted directories
Summary
It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions.
Severity ?
8.2 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
CWE
  • CWE-732 - Incorrect Permission Assignment for Critical Resource
  • CWE-400 - Uncontrolled Resource Consumption
Assigner
References
Impacted products
Vendor Product Version
Debian dpkg Affected: 0 , < ed6bbd445dd8800308c67236ba35d08004c98e82 (custom)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 8.2,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-6297",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-01T17:30:21.146019Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-732",
                "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
                "lang": "en",
                "type": "CWE"
              }
            ]
          },
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-01T17:30:37.332Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "dpkg",
          "vendor": "Debian",
          "versions": [
            {
              "lessThan": "ed6bbd445dd8800308c67236ba35d08004c98e82",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is\ndocumented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on\nadversarial .deb packages or with well compressible files, placed\ninside a directory with permissions not allowing removal by a non-root\nuser, this can end up in a DoS scenario due to causing disk quota\nexhaustion or disk full conditions.\u003cbr\u003e"
            }
          ],
          "value": "It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is\ndocumented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on\nadversarial .deb packages or with well compressible files, placed\ninside a directory with permissions not allowing removal by a non-root\nuser, this can end up in a DoS scenario due to causing disk quota\nexhaustion or disk full conditions."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-01T17:21:05.050Z",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=ed6bbd445dd8800308c67236ba35d08004c98e82"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "dpkg-deb: Fix cleanup for control member with restricted directories",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2025-6297",
    "datePublished": "2025-07-01T16:16:54.624Z",
    "dateReserved": "2025-06-19T07:40:18.350Z",
    "dateUpdated": "2025-07-01T17:30:37.332Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-1664 (GCVE-0-2022-1664)

Vulnerability from nvd – Published: 2022-05-26 08:20 – Updated: 2024-09-17 02:16
VLAI?
Title
directory traversal for in-place extracts with untrusted v2 and v3 source packages with debian.tar
Summary
Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs.
Severity ?
No CVSS data available.
CWE
  • directory traversal
Assigner
References
Impacted products
Vendor Product Version
Debian dpkg Affected: 1.14.17 , < 1.21.8 (custom)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:10:03.819Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=7a6c03cb34d4a09f35df2f10779cbf1b70a5200b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=58814cacee39c4ce9e2cd0e3a3b9b57ad437eff5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=1f23dddc17f69c9598477098c7fb9936e15fa495"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=faa4c92debe45412bfcf8a44f26e827800bb24be"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-security-announce/2022/msg00115.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00033.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20221007-0002/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "dpkg",
          "vendor": "Debian",
          "versions": [
            {
              "changes": [
                {
                  "at": "1.20.10",
                  "status": "unaffected"
                },
                {
                  "at": "1.19.8",
                  "status": "unaffected"
                },
                {
                  "at": "1.18.26",
                  "status": "unaffected"
                }
              ],
              "lessThan": "1.21.8",
              "status": "affected",
              "version": "1.14.17",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-05-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "directory traversal",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-07T00:00:00",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=7a6c03cb34d4a09f35df2f10779cbf1b70a5200b"
        },
        {
          "url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=58814cacee39c4ce9e2cd0e3a3b9b57ad437eff5"
        },
        {
          "url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=1f23dddc17f69c9598477098c7fb9936e15fa495"
        },
        {
          "url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=faa4c92debe45412bfcf8a44f26e827800bb24be"
        },
        {
          "url": "https://lists.debian.org/debian-security-announce/2022/msg00115.html"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00033.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20221007-0002/"
        }
      ],
      "source": {
        "advisory": "https://lists.debian.org/debian-security-announce/2022/msg00115.html",
        "defect": [
          "DSA-5147-1"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "directory traversal for in-place extracts with untrusted v2 and v3 source packages with debian.tar",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2022-1664",
    "datePublished": "2022-05-26T08:20:15.198129Z",
    "dateReserved": "2022-05-10T00:00:00",
    "dateUpdated": "2024-09-17T02:16:10.760Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-8283 (GCVE-0-2017-8283)

Vulnerability from nvd – Published: 2017-04-26 05:28 – Updated: 2024-08-05 16:34
VLAI?
Summary
dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:34:21.674Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "98064",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/98064"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2017/04/20/2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-04-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-05-01T09:57:02",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "98064",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/98064"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2017/04/20/2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-8283",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "98064",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/98064"
            },
            {
              "name": "http://www.openwall.com/lists/oss-security/2017/04/20/2",
              "refsource": "CONFIRM",
              "url": "http://www.openwall.com/lists/oss-security/2017/04/20/2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-8283",
    "datePublished": "2017-04-26T05:28:00",
    "dateReserved": "2017-04-25T00:00:00",
    "dateUpdated": "2024-08-05T16:34:21.674Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-0860 (GCVE-0-2015-0860)

Vulnerability from nvd – Published: 2015-12-03 20:00 – Updated: 2024-08-06 04:26
VLAI?
Summary
Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which triggers a stack-based buffer overflow.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:26:11.051Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798324"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://anonscm.debian.org/cgit/dpkg/dpkg.git/commit/dpkg-deb/extract.c?id=e65aa3db04eb908c9507d5d356a95cedb890814d"
          },
          {
            "name": "GLSA-201612-07",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201612-07"
          },
          {
            "name": "DSA-3407",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3407"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blog.fuzzing-project.org/30-Stack-overflows-and-out-of-bounds-read-in-dpkg-Debian.html"
          },
          {
            "name": "USN-2820-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2820-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-11-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an \"old-style\" Debian binary package, which triggers a stack-based buffer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-06-30T16:57:01",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798324"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://anonscm.debian.org/cgit/dpkg/dpkg.git/commit/dpkg-deb/extract.c?id=e65aa3db04eb908c9507d5d356a95cedb890814d"
        },
        {
          "name": "GLSA-201612-07",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201612-07"
        },
        {
          "name": "DSA-3407",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3407"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blog.fuzzing-project.org/30-Stack-overflows-and-out-of-bounds-read-in-dpkg-Debian.html"
        },
        {
          "name": "USN-2820-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2820-1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2015-0860",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an \"old-style\" Debian binary package, which triggers a stack-based buffer overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798324",
              "refsource": "CONFIRM",
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798324"
            },
            {
              "name": "https://anonscm.debian.org/cgit/dpkg/dpkg.git/commit/dpkg-deb/extract.c?id=e65aa3db04eb908c9507d5d356a95cedb890814d",
              "refsource": "CONFIRM",
              "url": "https://anonscm.debian.org/cgit/dpkg/dpkg.git/commit/dpkg-deb/extract.c?id=e65aa3db04eb908c9507d5d356a95cedb890814d"
            },
            {
              "name": "GLSA-201612-07",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201612-07"
            },
            {
              "name": "DSA-3407",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3407"
            },
            {
              "name": "https://blog.fuzzing-project.org/30-Stack-overflows-and-out-of-bounds-read-in-dpkg-Debian.html",
              "refsource": "MISC",
              "url": "https://blog.fuzzing-project.org/30-Stack-overflows-and-out-of-bounds-read-in-dpkg-Debian.html"
            },
            {
              "name": "USN-2820-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2820-1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2015-0860",
    "datePublished": "2015-12-03T20:00:00",
    "dateReserved": "2015-01-07T00:00:00",
    "dateUpdated": "2024-08-06T04:26:11.051Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-0840 (GCVE-0-2015-0840)

Vulnerability from nvd – Published: 2015-04-13 14:00 – Updated: 2024-08-06 04:26
VLAI?
Summary
The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc).
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.ubuntu.com/usn/USN-2566-1 vendor-advisoryx_refsource_UBUNTU
http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
http://lists.opensuse.org/opensuse-updates/2015-0… vendor-advisoryx_refsource_SUSE
http://www.debian.org/security/2015/dsa-3217 vendor-advisoryx_refsource_DEBIAN
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:26:10.605Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-2566-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2566-1"
          },
          {
            "name": "FEDORA-2015-6974",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157387.html"
          },
          {
            "name": "openSUSE-SU-2015:1058",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-06/msg00029.html"
          },
          {
            "name": "DSA-3217",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3217"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-04-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-30T15:57:01",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "name": "USN-2566-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2566-1"
        },
        {
          "name": "FEDORA-2015-6974",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157387.html"
        },
        {
          "name": "openSUSE-SU-2015:1058",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-06/msg00029.html"
        },
        {
          "name": "DSA-3217",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3217"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2015-0840",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-2566-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2566-1"
            },
            {
              "name": "FEDORA-2015-6974",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157387.html"
            },
            {
              "name": "openSUSE-SU-2015:1058",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2015-06/msg00029.html"
            },
            {
              "name": "DSA-3217",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3217"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2015-0840",
    "datePublished": "2015-04-13T14:00:00",
    "dateReserved": "2015-01-07T00:00:00",
    "dateUpdated": "2024-08-06T04:26:10.605Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-8625 (GCVE-0-2014-8625)

Vulnerability from nvd – Published: 2015-01-20 15:00 – Updated: 2024-08-06 13:26
VLAI?
Summary
Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:26:02.476Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20141106 Re: CVE-Request: dpkg handling of \u0027control\u0027 and warnings format string vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://seclists.org/oss-sec/2014/q4/551"
          },
          {
            "name": "dpkg-format-sting(98551)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98551"
          },
          {
            "name": "FEDORA-2015-6974",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157387.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768485"
          },
          {
            "name": "[oss-security] 20141106 CVE-Request: dpkg handling of \u0027control\u0027 and warnings format string vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://seclists.org/oss-sec/2014/q4/539"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/1389135"
          },
          {
            "name": "[oss-security] 20141106 Re: CVE-Request: dpkg handling of \u0027control\u0027 and warnings format string vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://seclists.org/oss-sec/2014/q4/622"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-11-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-07T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[oss-security] 20141106 Re: CVE-Request: dpkg handling of \u0027control\u0027 and warnings format string vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://seclists.org/oss-sec/2014/q4/551"
        },
        {
          "name": "dpkg-format-sting(98551)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98551"
        },
        {
          "name": "FEDORA-2015-6974",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157387.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768485"
        },
        {
          "name": "[oss-security] 20141106 CVE-Request: dpkg handling of \u0027control\u0027 and warnings format string vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://seclists.org/oss-sec/2014/q4/539"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/1389135"
        },
        {
          "name": "[oss-security] 20141106 Re: CVE-Request: dpkg handling of \u0027control\u0027 and warnings format string vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://seclists.org/oss-sec/2014/q4/622"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-8625",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20141106 Re: CVE-Request: dpkg handling of \u0027control\u0027 and warnings format string vulnerability",
              "refsource": "MLIST",
              "url": "http://seclists.org/oss-sec/2014/q4/551"
            },
            {
              "name": "dpkg-format-sting(98551)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98551"
            },
            {
              "name": "FEDORA-2015-6974",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157387.html"
            },
            {
              "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768485",
              "refsource": "CONFIRM",
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768485"
            },
            {
              "name": "[oss-security] 20141106 CVE-Request: dpkg handling of \u0027control\u0027 and warnings format string vulnerability",
              "refsource": "MLIST",
              "url": "http://seclists.org/oss-sec/2014/q4/539"
            },
            {
              "name": "https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/1389135",
              "refsource": "CONFIRM",
              "url": "https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/1389135"
            },
            {
              "name": "[oss-security] 20141106 Re: CVE-Request: dpkg handling of \u0027control\u0027 and warnings format string vulnerability",
              "refsource": "MLIST",
              "url": "http://seclists.org/oss-sec/2014/q4/622"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-8625",
    "datePublished": "2015-01-20T15:00:00",
    "dateReserved": "2014-11-06T00:00:00",
    "dateUpdated": "2024-08-06T13:26:02.476Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-3227 (GCVE-0-2014-3227)

Vulnerability from nvd – Published: 2014-05-30 18:00 – Updated: 2024-08-06 10:35
VLAI?
Summary
dpkg 1.15.9, 1.16.x before 1.16.14, and 1.17.x before 1.17.9 expect the patch program to be compliant with a need for the "C-style encoded filenames" feature, but is supported in environments with noncompliant patch programs, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this vulnerability exists because of reliance on unrealistic constraints on the behavior of an external program.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:35:57.130Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20140529 Re: CVE request: another path traversal in dpkg-source during unpack",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2014/05/29/16"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306"
          },
          {
            "name": "[oss-security] 20140429 CVE request: directory traversal in DSA-2915-1-patched dpkg in Debian squeeze",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2014/04/29/4"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-04-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "dpkg 1.15.9, 1.16.x before 1.16.14, and 1.17.x before 1.17.9 expect the patch program to be compliant with a need for the \"C-style encoded filenames\" feature, but is supported in environments with noncompliant patch programs, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this vulnerability exists because of reliance on unrealistic constraints on the behavior of an external program."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-05-30T18:57:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[oss-security] 20140529 Re: CVE request: another path traversal in dpkg-source during unpack",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2014/05/29/16"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306"
        },
        {
          "name": "[oss-security] 20140429 CVE request: directory traversal in DSA-2915-1-patched dpkg in Debian squeeze",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2014/04/29/4"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-3227",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "dpkg 1.15.9, 1.16.x before 1.16.14, and 1.17.x before 1.17.9 expect the patch program to be compliant with a need for the \"C-style encoded filenames\" feature, but is supported in environments with noncompliant patch programs, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this vulnerability exists because of reliance on unrealistic constraints on the behavior of an external program."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20140529 Re: CVE request: another path traversal in dpkg-source during unpack",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2014/05/29/16"
            },
            {
              "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306",
              "refsource": "CONFIRM",
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306"
            },
            {
              "name": "[oss-security] 20140429 CVE request: directory traversal in DSA-2915-1-patched dpkg in Debian squeeze",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2014/04/29/4"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-3227",
    "datePublished": "2014-05-30T18:00:00",
    "dateReserved": "2014-05-06T00:00:00",
    "dateUpdated": "2024-08-06T10:35:57.130Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-3127 (GCVE-0-2014-3127)

Vulnerability from nvd – Published: 2014-05-14 00:00 – Updated: 2024-08-06 10:35
VLAI?
Summary
dpkg 1.15.9 on Debian squeeze introduces support for the "C-style encoded filenames" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this can be considered a release engineering problem in the effort to fix CVE-2014-0471.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:35:57.031Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://metadata.ftp-master.debian.org/changelogs//main/d/dpkg/dpkg_1.15.10_changelog"
          },
          {
            "name": "[oss-security] 20140429 CVE request: directory traversal in DSA-2915-1-patched dpkg in Debian squeeze",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://seclists.org/oss-sec/2014/q2/191"
          },
          {
            "name": "[oss-security] 20140501 Re: CVE request: directory traversal in DSA-2915-1-patched dpkg in Debian squeeze",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://seclists.org/oss-sec/2014/q2/227"
          },
          {
            "name": "67181",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/67181"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-04-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "dpkg 1.15.9 on Debian squeeze introduces support for the \"C-style encoded filenames\" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package.  NOTE: this can be considered a release engineering problem in the effort to fix CVE-2014-0471."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-05-30T17:57:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://metadata.ftp-master.debian.org/changelogs//main/d/dpkg/dpkg_1.15.10_changelog"
        },
        {
          "name": "[oss-security] 20140429 CVE request: directory traversal in DSA-2915-1-patched dpkg in Debian squeeze",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://seclists.org/oss-sec/2014/q2/191"
        },
        {
          "name": "[oss-security] 20140501 Re: CVE request: directory traversal in DSA-2915-1-patched dpkg in Debian squeeze",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://seclists.org/oss-sec/2014/q2/227"
        },
        {
          "name": "67181",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/67181"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-3127",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "dpkg 1.15.9 on Debian squeeze introduces support for the \"C-style encoded filenames\" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package.  NOTE: this can be considered a release engineering problem in the effort to fix CVE-2014-0471."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306",
              "refsource": "CONFIRM",
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306"
            },
            {
              "name": "http://metadata.ftp-master.debian.org/changelogs//main/d/dpkg/dpkg_1.15.10_changelog",
              "refsource": "CONFIRM",
              "url": "http://metadata.ftp-master.debian.org/changelogs//main/d/dpkg/dpkg_1.15.10_changelog"
            },
            {
              "name": "[oss-security] 20140429 CVE request: directory traversal in DSA-2915-1-patched dpkg in Debian squeeze",
              "refsource": "MLIST",
              "url": "http://seclists.org/oss-sec/2014/q2/191"
            },
            {
              "name": "[oss-security] 20140501 Re: CVE request: directory traversal in DSA-2915-1-patched dpkg in Debian squeeze",
              "refsource": "MLIST",
              "url": "http://seclists.org/oss-sec/2014/q2/227"
            },
            {
              "name": "67181",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/67181"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-3127",
    "datePublished": "2014-05-14T00:00:00",
    "dateReserved": "2014-04-29T00:00:00",
    "dateUpdated": "2024-08-06T10:35:57.031Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-0471 (GCVE-0-2014-0471)

Vulnerability from nvd – Published: 2014-04-30 14:00 – Updated: 2024-08-06 09:20
VLAI?
Summary
Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to "C-style filename quoting."
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.debian.org/security/2014/dsa-2915 vendor-advisoryx_refsource_DEBIAN
http://www.securityfocus.com/bid/67106 vdb-entryx_refsource_BID
http://www.ubuntu.com/usn/USN-2183-1 vendor-advisoryx_refsource_UBUNTU
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:20:17.946Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-2915",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-2915"
          },
          {
            "name": "67106",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/67106"
          },
          {
            "name": "USN-2183-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2183-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-04-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to \"C-style filename quoting.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-06-02T14:57:00",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "name": "DSA-2915",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-2915"
        },
        {
          "name": "67106",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/67106"
        },
        {
          "name": "USN-2183-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2183-1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2014-0471",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to \"C-style filename quoting.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-2915",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-2915"
            },
            {
              "name": "67106",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/67106"
            },
            {
              "name": "USN-2183-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2183-1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2014-0471",
    "datePublished": "2014-04-30T14:00:00",
    "dateReserved": "2013-12-19T00:00:00",
    "dateUpdated": "2024-08-06T09:20:17.946Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}