OpenCVE

Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to "C-style filename quoting."

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Canonical	Ubuntu Linux
Debian	Dpkg

Configuration 1 [-]

OR	cpe:2.3:a:debian:dpkg::::::::
	cpe:2.3:a:debian:dpkg:1.9.1:::::::*
	cpe:2.3:a:debian:dpkg:1.9.2:::::::*
	cpe:2.3:a:debian:dpkg:1.9.3:::::::*
	cpe:2.3:a:debian:dpkg:1.9.7:::::::*
	cpe:2.3:a:debian:dpkg:1.9.8:::::::*
	cpe:2.3:a:debian:dpkg:1.9.9:::::::*
	cpe:2.3:a:debian:dpkg:1.9.10:::::::*
	cpe:2.3:a:debian:dpkg:1.9.11:::::::*
	cpe:2.3:a:debian:dpkg:1.9.12:::::::*
	cpe:2.3:a:debian:dpkg:1.9.13:::::::*
	cpe:2.3:a:debian:dpkg:1.9.14:::::::*
	cpe:2.3:a:debian:dpkg:1.9.15:::::::*
	cpe:2.3:a:debian:dpkg:1.9.16:::::::*
	cpe:2.3:a:debian:dpkg:1.9.17:::::::*
	cpe:2.3:a:debian:dpkg:1.9.18:::::::*
	cpe:2.3:a:debian:dpkg:1.9.19:::::::*
	cpe:2.3:a:debian:dpkg:1.9.20:::::::*
	cpe:2.3:a:debian:dpkg:1.9.21:::::::*
	cpe:2.3:a:debian:dpkg:1.10:::::::*
	cpe:2.3:a:debian:dpkg:1.10.1:::::::*
	cpe:2.3:a:debian:dpkg:1.10.2:::::::*
	cpe:2.3:a:debian:dpkg:1.10.3:::::::*
	cpe:2.3:a:debian:dpkg:1.10.4:::::::*
	cpe:2.3:a:debian:dpkg:1.10.5:::::::*
	cpe:2.3:a:debian:dpkg:1.10.6:::::::*
	cpe:2.3:a:debian:dpkg:1.10.7:::::::*
	cpe:2.3:a:debian:dpkg:1.10.8:::::::*
	cpe:2.3:a:debian:dpkg:1.10.9:::::::*
	cpe:2.3:a:debian:dpkg:1.10.11:::::::*
	cpe:2.3:a:debian:dpkg:1.10.12:::::::*
	cpe:2.3:a:debian:dpkg:1.10.13:::::::*
	cpe:2.3:a:debian:dpkg:1.10.14:::::::*
	cpe:2.3:a:debian:dpkg:1.10.15:::::::*
	cpe:2.3:a:debian:dpkg:1.10.16:::::::*
	cpe:2.3:a:debian:dpkg:1.10.17:::::::*
	cpe:2.3:a:debian:dpkg:1.10.18:::::::*
	cpe:2.3:a:debian:dpkg:1.10.18.1:::::::*
	cpe:2.3:a:debian:dpkg:1.10.19:::::::*
	cpe:2.3:a:debian:dpkg:1.10.20:::::::*
	cpe:2.3:a:debian:dpkg:1.10.21:::::::*
	cpe:2.3:a:debian:dpkg:1.10.22:::::::*
	cpe:2.3:a:debian:dpkg:1.10.23:::::::*
	cpe:2.3:a:debian:dpkg:1.10.24:::::::*
	cpe:2.3:a:debian:dpkg:1.10.25:::::::*
	cpe:2.3:a:debian:dpkg:1.10.26:::::::*
	cpe:2.3:a:debian:dpkg:1.10.27:::::::*
	cpe:2.3:a:debian:dpkg:1.10.28:::::::*
	cpe:2.3:a:debian:dpkg:1.13.0:::::::*
	cpe:2.3:a:debian:dpkg:1.13.1:::::::*
	cpe:2.3:a:debian:dpkg:1.13.2:::::::*
	cpe:2.3:a:debian:dpkg:1.13.3:::::::*
	cpe:2.3:a:debian:dpkg:1.13.4:::::::*
	cpe:2.3:a:debian:dpkg:1.13.5:::::::*
	cpe:2.3:a:debian:dpkg:1.13.6:::::::*
	cpe:2.3:a:debian:dpkg:1.13.7:::::::*
	cpe:2.3:a:debian:dpkg:1.13.8:::::::*
	cpe:2.3:a:debian:dpkg:1.13.9:::::::*
	cpe:2.3:a:debian:dpkg:1.13.10:::::::*
	cpe:2.3:a:debian:dpkg:1.13.11:::::::*
	cpe:2.3:a:debian:dpkg:1.13.11.1:::::::*
	cpe:2.3:a:debian:dpkg:1.13.12:::::::*
	cpe:2.3:a:debian:dpkg:1.13.13:::::::*
	cpe:2.3:a:debian:dpkg:1.13.14:::::::*
cpe:2.3:a:debian:dpkg:1.13.15:::::::*
cpe:2.3:a:debian:dpkg:1.13.16:::::::*
cpe:2.3:a:debian:dpkg:1.13.17:::::::*
cpe:2.3:a:debian:dpkg:1.13.18:::::::*
cpe:2.3:a:debian:dpkg:1.13.19:::::::*
cpe:2.3:a:debian:dpkg:1.13.20:::::::*
cpe:2.3:a:debian:dpkg:1.13.21:::::::*
cpe:2.3:a:debian:dpkg:1.13.22:::::::*
cpe:2.3:a:debian:dpkg:1.13.23:::::::*
cpe:2.3:a:debian:dpkg:1.13.24:::::::*
cpe:2.3:a:debian:dpkg:1.13.25:::::::*
cpe:2.3:a:debian:dpkg:1.14.0:::::::*
cpe:2.3:a:debian:dpkg:1.14.1:::::::*
cpe:2.3:a:debian:dpkg:1.14.2:::::::*
cpe:2.3:a:debian:dpkg:1.14.3:::::::*
cpe:2.3:a:debian:dpkg:1.14.4:::::::*
cpe:2.3:a:debian:dpkg:1.14.5:::::::*
cpe:2.3:a:debian:dpkg:1.14.6:::::::*
cpe:2.3:a:debian:dpkg:1.14.7:::::::*
cpe:2.3:a:debian:dpkg:1.14.8:::::::*
cpe:2.3:a:debian:dpkg:1.14.9:::::::*
cpe:2.3:a:debian:dpkg:1.14.10:::::::*
cpe:2.3:a:debian:dpkg:1.14.11:::::::*
cpe:2.3:a:debian:dpkg:1.14.12:::::::*
cpe:2.3:a:debian:dpkg:1.14.13:::::::*
cpe:2.3:a:debian:dpkg:1.14.14:::::::*
cpe:2.3:a:debian:dpkg:1.14.15:::::::*
cpe:2.3:a:debian:dpkg:1.14.16:::::::*
cpe:2.3:a:debian:dpkg:1.14.16.1:::::::*
cpe:2.3:a:debian:dpkg:1.14.16.2:::::::*
cpe:2.3:a:debian:dpkg:1.14.16.3:::::::*
cpe:2.3:a:debian:dpkg:1.14.16.4:::::::*
cpe:2.3:a:debian:dpkg:1.14.16.5:::::::*
cpe:2.3:a:debian:dpkg:1.14.16.6:::::::*
cpe:2.3:a:debian:dpkg:1.14.17:::::::*
cpe:2.3:a:debian:dpkg:1.14.18:::::::*
cpe:2.3:a:debian:dpkg:1.14.19:::::::*
cpe:2.3:a:debian:dpkg:1.14.20:::::::*
cpe:2.3:a:debian:dpkg:1.14.21:::::::*
cpe:2.3:a:debian:dpkg:1.14.22:::::::*
cpe:2.3:a:debian:dpkg:1.14.23:::::::*
cpe:2.3:a:debian:dpkg:1.14.24:::::::*
cpe:2.3:a:debian:dpkg:1.14.25:::::::*
cpe:2.3:a:debian:dpkg:1.14.26:::::::*
cpe:2.3:a:debian:dpkg:1.14.27:::::::*
cpe:2.3:a:debian:dpkg:1.14.28:::::::*
cpe:2.3:a:debian:dpkg:1.14.29:::::::*
cpe:2.3:a:debian:dpkg:1.14.30:::::::*
cpe:2.3:a:debian:dpkg:1.15.0:::::::*
cpe:2.3:a:debian:dpkg:1.15.1:::::::*
cpe:2.3:a:debian:dpkg:1.15.2:::::::*
cpe:2.3:a:debian:dpkg:1.15.3:::::::*
cpe:2.3:a:debian:dpkg:1.15.3.1:::::::*
cpe:2.3:a:debian:dpkg:1.15.4:::::::*
cpe:2.3:a:debian:dpkg:1.15.4.1:::::::*
cpe:2.3:a:debian:dpkg:1.15.5:::::::*
cpe:2.3:a:debian:dpkg:1.15.5.1:::::::*
cpe:2.3:a:debian:dpkg:1.15.5.2:::::::*
cpe:2.3:a:debian:dpkg:1.15.5.3:::::::*
cpe:2.3:a:debian:dpkg:1.15.5.4:::::::*
cpe:2.3:a:debian:dpkg:1.15.5.5:::::::*
cpe:2.3:a:debian:dpkg:1.15.5.6:::::::*
cpe:2.3:a:debian:dpkg:1.15.6:::::::*
cpe:2.3:a:debian:dpkg:1.15.6.1:::::::*
cpe:2.3:a:debian:dpkg:1.15.7:::::::*
cpe:2.3:a:debian:dpkg:1.15.7.1:::::::*
cpe:2.3:a:debian:dpkg:1.15.7.2:::::::*
cpe:2.3:a:debian:dpkg:1.15.8:::::::*
cpe:2.3:a:debian:dpkg:1.15.8.1:::::::*
cpe:2.3:a:debian:dpkg:1.15.8.2:::::::*
cpe:2.3:a:debian:dpkg:1.15.8.3:::::::*
cpe:2.3:a:debian:dpkg:1.15.8.4:::::::*
cpe:2.3:a:debian:dpkg:1.15.8.5:::::::*
cpe:2.3:a:debian:dpkg:1.15.8.6:::::::*
cpe:2.3:a:debian:dpkg:1.15.8.7:::::::*
cpe:2.3:a:debian:dpkg:1.15.8.9:::::::*
cpe:2.3:a:debian:dpkg:1.16.0:::::::*
cpe:2.3:a:debian:dpkg:1.16.0.1:::::::*
cpe:2.3:a:debian:dpkg:1.16.0.2:::::::*
cpe:2.3:a:debian:dpkg:1.16.0.3:::::::*
cpe:2.3:a:debian:dpkg:1.16.1:::::::*
cpe:2.3:a:debian:dpkg:1.16.1.1:::::::*
cpe:2.3:a:debian:dpkg:1.16.1.2:::::::*
cpe:2.3:a:debian:dpkg:1.16.2:::::::*
cpe:2.3:a:debian:dpkg:1.16.3:::::::*
cpe:2.3:a:debian:dpkg:1.16.4:::::::*
cpe:2.3:a:debian:dpkg:1.16.4.1:::::::*
cpe:2.3:a:debian:dpkg:1.16.4.2:::::::*
cpe:2.3:a:debian:dpkg:1.16.4.3:::::::*
cpe:2.3:a:debian:dpkg:1.16.5:::::::*
cpe:2.3:a:debian:dpkg:1.16.6:::::::*
cpe:2.3:a:debian:dpkg:1.16.7:::::::*
cpe:2.3:a:debian:dpkg:1.16.8:::::::*
cpe:2.3:a:debian:dpkg:1.16.9:::::::*
cpe:2.3:a:debian:dpkg:1.16.10:::::::*
cpe:2.3:a:debian:dpkg:1.16.11:::::::*
cpe:2.3:a:debian:dpkg:1.16.12:::::::*
cpe:2.3:a:debian:dpkg:1.17.0:::::::*
cpe:2.3:a:debian:dpkg:1.17.1:::::::*
cpe:2.3:a:debian:dpkg:1.17.2:::::::*
cpe:2.3:a:debian:dpkg:1.17.3:::::::*
cpe:2.3:a:debian:dpkg:1.17.4:::::::*
cpe:2.3:a:debian:dpkg:1.17.5:::::::*
cpe:2.3:a:debian:dpkg:1.17.6:::::::*
cpe:2.3:a:debian:dpkg:1.17.7:::::::*
cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:::::*
cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:::::*
cpe:2.3:o:canonical:ubuntu_linux:12.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:13.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

No data.

References

Link	Providers
http://www.debian.org/security/2014/dsa-2915
http://www.securityfocus.com/bid/67106
http://www.ubuntu.com/usn/USN-2183-1

History

No history.

MITRE

Status: PUBLISHED

Assigner: debian

Published: 2014-04-30T14:00:00

Updated: 2024-08-06T09:20:17.946Z

Reserved: 2013-12-19T00:00:00

Link: CVE-2014-0471

Vulnrichment

No data.

NVD

Status : Modified

Published: 2014-04-30T14:22:06.140

Modified: 2024-11-21T02:02:12.267

Link: CVE-2014-0471

Redhat

No data.

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object