{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-04-29T00:00:00", "descriptions": [{"lang": "en", "value": "dpkg 1.15.9 on Debian squeeze introduces support for the \"C-style encoded filenames\" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this can be considered a release engineering problem in the effort to fix CVE-2014-0471."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-05-30T17:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://metadata.ftp-master.debian.org/changelogs//main/d/dpkg/dpkg_1.15.10_changelog"}, {"name": "[oss-security] 20140429 CVE request: directory traversal in DSA-2915-1-patched dpkg in Debian squeeze", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://seclists.org/oss-sec/2014/q2/191"}, {"name": "[oss-security] 20140501 Re: CVE request: directory traversal in DSA-2915-1-patched dpkg in Debian squeeze", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://seclists.org/oss-sec/2014/q2/227"}, {"name": "67181", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/67181"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-3127", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "dpkg 1.15.9 on Debian squeeze introduces support for the \"C-style encoded filenames\" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this can be considered a release engineering problem in the effort to fix CVE-2014-0471."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306", "refsource": "CONFIRM", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306"}, {"name": "http://metadata.ftp-master.debian.org/changelogs//main/d/dpkg/dpkg_1.15.10_changelog", "refsource": "CONFIRM", "url": "http://metadata.ftp-master.debian.org/changelogs//main/d/dpkg/dpkg_1.15.10_changelog"}, {"name": "[oss-security] 20140429 CVE request: directory traversal in DSA-2915-1-patched dpkg in Debian squeeze", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2014/q2/191"}, {"name": "[oss-security] 20140501 Re: CVE request: directory traversal in DSA-2915-1-patched dpkg in Debian squeeze", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2014/q2/227"}, {"name": "67181", "refsource": "BID", "url": "http://www.securityfocus.com/bid/67181"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:35:57.031Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://metadata.ftp-master.debian.org/changelogs//main/d/dpkg/dpkg_1.15.10_changelog"}, {"name": "[oss-security] 20140429 CVE request: directory traversal in DSA-2915-1-patched dpkg in Debian squeeze", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://seclists.org/oss-sec/2014/q2/191"}, {"name": "[oss-security] 20140501 Re: CVE request: directory traversal in DSA-2915-1-patched dpkg in Debian squeeze", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://seclists.org/oss-sec/2014/q2/227"}, {"name": "67181", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/67181"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-3127", "datePublished": "2014-05-14T00:00:00", "dateReserved": "2014-04-29T00:00:00", "dateUpdated": "2024-08-06T10:35:57.031Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:debian:dpkg:1.16.0:*:*:*:*:*:*:*", "matchCriteriaId": "60B76474-A71E-4BEA-880B-88A8F0E9E79D", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.16.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5918D066-8950-44D5-9F14-72C499F9F40A", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.16.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "623BF341-D9EC-43DF-BA62-D45FDC1FE4E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.16.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "4D6692AB-7927-4D4B-8E11-EA9B7B93836C", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.16.1:*:*:*:*:*:*:*", "matchCriteriaId": "B6EE875E-DEC4-443C-8921-B4658CA2B2C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.16.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "4BDD2CFE-61E4-436E-9D49-7F1977904EB8", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.16.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "12DB535B-9C12-4B13-8B6E-AB4EEC1CFF9D", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.16.2:*:*:*:*:*:*:*", "matchCriteriaId": "6675F9A6-FA20-4AF7-B57F-85595103AA61", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.16.3:*:*:*:*:*:*:*", "matchCriteriaId": "3322B7E4-D815-40B6-836A-2D070F9D0528", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.16.4:*:*:*:*:*:*:*", "matchCriteriaId": "A67143CC-3137-49B3-955C-43C405DB847B", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.16.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "B1CA956E-51BC-428E-9730-31797A34BE3C", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.16.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "3AFC055D-9B64-428C-9D85-CFC2F27EB906", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.16.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "00E6E62F-B11F-4060-8AAF-A9FA73749422", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.16.5:*:*:*:*:*:*:*", "matchCriteriaId": "0B05CB56-6994-4F75-8015-03F554CD7D78", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.16.6:*:*:*:*:*:*:*", "matchCriteriaId": "B5CF35EC-CCBF-4096-BCAF-98A15DE6D78C", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.16.7:*:*:*:*:*:*:*", "matchCriteriaId": "42C819CC-48E9-4E85-A564-456A27481852", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.16.8:*:*:*:*:*:*:*", "matchCriteriaId": "9D7B2152-3086-4094-8AE2-6E1AF9D35BF7", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.16.9:*:*:*:*:*:*:*", "matchCriteriaId": "EF5B9CC6-C288-4E8C-AC99-D4717DBE63FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.16.10:*:*:*:*:*:*:*", "matchCriteriaId": "65CD971C-EB83-4456-A368-F57B9391599A", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.16.11:*:*:*:*:*:*:*", "matchCriteriaId": "B8CA877A-533B-4B60-A90B-8A958FCA2DF1", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.16.12:*:*:*:*:*:*:*", "matchCriteriaId": "B71A62D9-8013-4528-8EB0-75C18435AE24", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:debian:dpkg:1.17.0:*:*:*:*:*:*:*", "matchCriteriaId": "D18D2B08-C8DD-475D-8E7D-F39E8C24723B", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.17.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA424995-B5E0-4C8A-862B-5290506DF94E", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.17.2:*:*:*:*:*:*:*", "matchCriteriaId": "43F974E2-41AF-42B2-8EE7-02724FD37673", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.17.3:*:*:*:*:*:*:*", "matchCriteriaId": "EFD1F763-34E3-4B39-9184-6CCCD75733A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.17.4:*:*:*:*:*:*:*", "matchCriteriaId": "1C8ADF13-CEF9-400B-BACA-F64AFDEEED7D", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.17.5:*:*:*:*:*:*:*", "matchCriteriaId": "2B2595A0-024B-4C82-8626-9471A3FB96D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.17.6:*:*:*:*:*:*:*", "matchCriteriaId": "E81B04E7-FBA1-45D3-B458-3B57DF331796", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.17.7:*:*:*:*:*:*:*", "matchCriteriaId": "934A9FC7-1B44-4A70-83B6-21783C5BB9BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.17.8:*:*:*:*:*:*:*", "matchCriteriaId": "A66344A0-A556-4E72-9954-CBC0FF9B900F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:debian:dpkg:1.15.0:*:*:*:*:*:*:*", "matchCriteriaId": "D266110F-6EDD-4570-8B5C-BB6A620D7510", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.15.1:*:*:*:*:*:*:*", "matchCriteriaId": "5489857D-D325-41D1-991C-1664EB63CF2E", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.15.2:*:*:*:*:*:*:*", "matchCriteriaId": "EF34E4C1-9160-4052-951A-D08835024AC4", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.15.3:*:*:*:*:*:*:*", "matchCriteriaId": "30E46BF1-5BC3-429B-9A16-2F95620A8FE9", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.15.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "B7B3327F-8A47-4D13-A48A-3157B6318F9C", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.15.4:*:*:*:*:*:*:*", "matchCriteriaId": "90246AB1-F0C4-432B-AA2D-A644084C0C74", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.15.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "44EAC604-FF3B-470A-9413-EBAC32DC1322", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.15.5:*:*:*:*:*:*:*", "matchCriteriaId": "84E9FBA6-6418-448F-800E-970C9D08877F", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.15.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "98521A64-4E54-472F-AC7C-73005551CEA3", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.15.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "421D9F1E-EF92-47E3-98D6-8C824862F7A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.15.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "4D85C04B-FC70-41BD-8994-B7C1AF6048BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.15.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "CAFD7DD4-555B-4757-B459-01B9D915A9B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.15.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "F2C7B906-87E1-44F3-AF35-5BFEF574F180", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.15.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "0984921F-8EAB-4740-B2CC-4269C4CF6C93", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.15.6:*:*:*:*:*:*:*", "matchCriteriaId": "F48CB557-229E-4BA5-84C6-DBEA06552D96", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.15.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "5F27F9EA-226F-450F-A181-F100E49A90B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.15.7:*:*:*:*:*:*:*", "matchCriteriaId": "ED9E199F-1994-4C5C-B8DB-D6002FD95AE5", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.15.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "419D7AA6-745E-4254-9743-6AC136DB1893", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.15.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F1F3BE1-30BA-4780-9924-D5B0E4F50EAC", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.15.8:*:*:*:*:*:*:*", "matchCriteriaId": "3BFBE00A-3FB7-4D10-807C-67CA59B91044", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "2E486ABD-DD1D-43A9-9783-894694E0F14C", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "87DEA4E0-8BF1-4558-88F3-D3F3D8161287", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "1405C137-D923-436C-A006-F232961BAB24", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "CD929336-FAFB-480C-8CD1-3264C3BE529B", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "9F2B117A-2746-458B-AB77-37EB40646482", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "DD8A1B4A-59D3-4D0F-80CC-7D8F94B5699E", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "A12559EE-7FAC-4C21-99CC-D076E98CA137", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "07B7B48B-B915-43D7-9AE4-EA1322925EDE", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "B7AE1019-67C2-4334-83DC-75754C997079", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "B4AC0E03-C115-4B5C-9D1B-CD86B749B8C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.11:*:*:*:*:*:*:*", "matchCriteriaId": "C0C7B663-4ADD-42A7-B302-975C05288BDA", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.12:*:*:*:*:*:*:*", "matchCriteriaId": "B9EE9B3E-C62B-4C97-A8A5-16CCAA392FD9", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.13:*:*:*:*:*:*:*", "matchCriteriaId": "248E90A5-6A3C-4647-891E-005DA3A46C6C", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:dpkg:1.15.9:*:*:*:*:*:*:*", "matchCriteriaId": "35ECCA17-BB6A-4DDA-8F26-C84628B95A3A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "dpkg 1.15.9 on Debian squeeze introduces support for the \"C-style encoded filenames\" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this can be considered a release engineering problem in the effort to fix CVE-2014-0471."}, {"lang": "es", "value": "dpkg versi\u00f3n 1.15.9 en squeeze de Debian, introduce soporte para la funcionalidad \"C-style encoded filenames\" sin reconocer que el programa parche de squeeze carece de esta caracter\u00edstica, lo que desencadena un error de interacci\u00f3n que permite a los atacantes remotos conducir ataques de salto de directorio y modificar archivos fuera de los directorios previstos por medio de un paquete fuente dise\u00f1ado. NOTA: esto se puede considerar un problema de ingenier\u00eda de versiones en el intento por corregir el CVE-2014-0471."}], "id": "CVE-2014-3127", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:H/Au:N/C:N/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 9.2, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-05-14T00:55:10.400", "references": [{"source": "cve@mitre.org", "url": "http://metadata.ftp-master.debian.org/changelogs//main/d/dpkg/dpkg_1.15.10_changelog"}, {"source": "cve@mitre.org", "url": "http://seclists.org/oss-sec/2014/q2/191"}, {"source": "cve@mitre.org", "url": "http://seclists.org/oss-sec/2014/q2/227"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/67181"}, {"source": "cve@mitre.org", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://metadata.ftp-master.debian.org/changelogs//main/d/dpkg/dpkg_1.15.10_changelog"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/oss-sec/2014/q2/191"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/oss-sec/2014/q2/227"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/67181"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}