CVE-2015-0840

Опубликовано: 13 апр. 2015

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc).

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:debian:dpkg:*:*:*:*:*:*:*:*

Версия до 1.16.15 (включая)

cpe:2.3:a:debian:dpkg:1.17.0:*:*:*:*:*:*:*

cpe:2.3:a:debian:dpkg:1.17.1:*:*:*:*:*:*:*

cpe:2.3:a:debian:dpkg:1.17.2:*:*:*:*:*:*:*

cpe:2.3:a:debian:dpkg:1.17.3:*:*:*:*:*:*:*

cpe:2.3:a:debian:dpkg:1.17.4:*:*:*:*:*:*:*

cpe:2.3:a:debian:dpkg:1.17.5:*:*:*:*:*:*:*

cpe:2.3:a:debian:dpkg:1.17.6:*:*:*:*:*:*:*

cpe:2.3:a:debian:dpkg:1.17.7:*:*:*:*:*:*:*

cpe:2.3:a:debian:dpkg:1.17.8:*:*:*:*:*:*:*

cpe:2.3:a:debian:dpkg:1.17.9:*:*:*:*:*:*:*

cpe:2.3:a:debian:dpkg:1.17.10:*:*:*:*:*:*:*

cpe:2.3:a:debian:dpkg:1.17.11:*:*:*:*:*:*:*

cpe:2.3:a:debian:dpkg:1.17.12:*:*:*:*:*:*:*

cpe:2.3:a:debian:dpkg:1.17.13:*:*:*:*:*:*:*

cpe:2.3:a:debian:dpkg:1.17.14:*:*:*:*:*:*:*

cpe:2.3:a:debian:dpkg:1.17.15:*:*:*:*:*:*:*

cpe:2.3:a:debian:dpkg:1.17.16:*:*:*:*:*:*:*

cpe:2.3:a:debian:dpkg:1.17.17:*:*:*:*:*:*:*

cpe:2.3:a:debian:dpkg:1.17.18:*:*:*:*:*:*:*

cpe:2.3:a:debian:dpkg:1.17.19:*:*:*:*:*:*:*

cpe:2.3:a:debian:dpkg:1.17.20:*:*:*:*:*:*:*

cpe:2.3:a:debian:dpkg:1.17.21:*:*:*:*:*:*:*

cpe:2.3:a:debian:dpkg:1.17.22:*:*:*:*:*:*:*

cpe:2.3:a:debian:dpkg:1.17.23:*:*:*:*:*:*:*

cpe:2.3:a:debian:dpkg:1.17.24:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*

EPSS

Процентиль: 70%

0.00647

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-284

Связанные уязвимости

CVE-2015-0840

ubuntu

почти 11 лет назад

The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc).

CVE-2015-0840

debian

почти 11 лет назад

The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x befor ...

GHSA-mrx8-xmg2-v94q

github

больше 3 лет назад

The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc).

EPSS

Процентиль: 70%

0.00647

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-284