PT-2014-5561 · Debian+1 · Dpkg-Dev+1

Guillem Jover

Published

2014-05-30

Updated

2017-12-29

CVE-2014-3864

CVSS v2.0

6.4

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions dpkg-dev version 1.3.0

Description A directory traversal issue in dpkg-source allows remote attackers to modify files outside of the intended directories. This is achieved by crafting a source package that lacks a --- header line.

Recommendations For dpkg-dev version 1.3.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2014-3864

DSA-2953-1

MGASA-2014-0289

USN-2242-1

Affected Products

Ubuntu

Dpkg-Dev

PT-2014-5561 · Debian+1 · Dpkg-Dev+1

CVE-2014-3864

Weakness Enumeration

Related Identifiers

Affected Products

References · 23