Описание
Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs.
Ссылки
- Mailing ListPatchVendor Advisory
- Mailing ListPatchVendor Advisory
- Mailing ListPatchVendor Advisory
- Mailing ListPatchVendor Advisory
- Mailing ListVendor Advisory
- Mailing ListVendor Advisory
- Third Party Advisory
- Mailing ListPatchVendor Advisory
- Mailing ListPatchVendor Advisory
- Mailing ListPatchVendor Advisory
- Mailing ListPatchVendor Advisory
- Mailing ListVendor Advisory
- Mailing ListVendor Advisory
- Third Party Advisory
Уязвимые конфигурации
Одно из
Одно из
EPSS
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
Связанные уязвимости
Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs.
Dpkg::Source::Archive in dpkg, the Debian package management system, b ...
EPSS
9.8 Critical
CVSS3
7.5 High
CVSS2