Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2014-3127

Опубликовано: 14 мая 2014
Источник: nvd
CVSS2: 7.1
EPSS Низкий

Описание

dpkg 1.15.9 on Debian squeeze introduces support for the "C-style encoded filenames" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this can be considered a release engineering problem in the effort to fix CVE-2014-0471.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:debian:dpkg:1.16.0:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.16.0.1:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.16.0.2:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.16.0.3:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.16.1:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.16.1.1:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.16.1.2:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.16.2:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.16.3:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.16.4:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.16.4.1:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.16.4.2:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.16.4.3:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.16.5:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.16.6:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.16.7:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.16.8:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.16.9:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.16.10:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.16.11:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.16.12:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:debian:dpkg:1.17.0:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.17.1:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.17.2:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.17.3:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.17.4:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.17.5:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.17.6:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.17.7:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.17.8:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:a:debian:dpkg:1.15.0:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.15.1:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.15.2:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.15.3:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.15.3.1:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.15.4:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.15.4.1:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.15.5:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.15.5.1:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.15.5.2:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.15.5.3:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.15.5.4:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.15.5.5:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.15.5.6:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.15.6:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.15.6.1:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.15.7:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.15.7.1:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.15.7.2:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.15.8:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.15.8.1:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.15.8.2:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.15.8.3:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.15.8.4:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.15.8.5:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.15.8.6:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.15.8.7:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.15.8.8:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.15.8.9:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.15.8.10:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.15.8.11:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.15.8.12:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.15.8.13:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.15.9:*:*:*:*:*:*:*

EPSS

Процентиль: 76%
0.00923
Низкий

7.1 High

CVSS2

Дефекты

CWE-22

Связанные уязвимости

ubuntu логотип

CVE-2014-3127

ubuntu
больше 11 лет назад

dpkg 1.15.9 on Debian squeeze introduces support for the "C-style encoded filenames" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this can be considered a release engineering problem in the effort to fix CVE-2014-0471.

debian логотип

CVE-2014-3127

debian
больше 11 лет назад

dpkg 1.15.9 on Debian squeeze introduces support for the "C-style enco ...

github логотип

GHSA-f267-j9wx-cwjf

github
больше 3 лет назад

dpkg 1.15.9 on Debian squeeze introduces support for the "C-style encoded filenames" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this can be considered a release engineering problem in the effort to fix CVE-2014-0471.

EPSS

Процентиль: 76%
0.00923
Низкий

7.1 High

CVSS2

Дефекты

CWE-22