PT-2015-4922 · Debian+3 · Dpkg+3

Hanno Böck

Published

2015-09-14

Updated

2017-07-01

CVE-2015-0860

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Debian dpkg versions 1.16.x through 1.16.16 Debian dpkg versions 1.17.x through 1.17.25

Description The issue is caused by an off-by-one error in the extracthalf function, which can lead to a stack-based buffer overflow. This can be triggered by the archive magic version number in an "old-style" Debian binary package.

Recommendations For Debian dpkg versions 1.16.x through 1.16.16, update to version 1.16.17 or later. For Debian dpkg versions 1.17.x through 1.17.25, update to version 1.17.26 or later.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-189

Related Identifiers

ALT-PU-2015-1779

CVE-2015-0860

DSA-3407-1

MGASA-2015-0482

SUSE-SU-2017:1096-1

SUSE-SU-2017:2700-1

SUSE-SU-2017_1096-1

USN-2820-1

Affected Products

Alt Linux

Suse

Ubuntu

Dpkg

PT-2015-4922 · Debian+3 · Dpkg+3

CVE-2015-0860

Weakness Enumeration

Related Identifiers

Affected Products

References · 33