Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-e7c1-q4cj-sycv

Summary Race condition in (1) checkinstall 1.6.1 and (2) installwatch allows local users to overwrite arbitrary files and have other impacts via symlink and possibly other attacks on temporary working directories.

Aliases

alias	CVE-2008-2958

Fixed_packages

url	pkg:deb/debian/checkinstall@1.6.1-7?distro=trixie
purl	pkg:deb/debian/checkinstall@1.6.1-7?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/checkinstall@1.6.1-7%3Fdistro=trixie

url	pkg:deb/debian/checkinstall@1.6.1-8
purl	pkg:deb/debian/checkinstall@1.6.1-8
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/checkinstall@1.6.1-8

url	pkg:deb/debian/checkinstall@1.6.2%2Bgit20170426.d24a630-2?distro=trixie
purl	pkg:deb/debian/checkinstall@1.6.2%2Bgit20170426.d24a630-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/checkinstall@1.6.2%252Bgit20170426.d24a630-2%3Fdistro=trixie

url	pkg:deb/debian/checkinstall@1.6.2%2Bgit20170426.d24a630-3?distro=trixie
purl	pkg:deb/debian/checkinstall@1.6.2%2Bgit20170426.d24a630-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/checkinstall@1.6.2%252Bgit20170426.d24a630-3%3Fdistro=trixie

url	pkg:deb/debian/checkinstall@1.6.2%2Bgit20170426.d24a630-5.1?distro=trixie
purl	pkg:deb/debian/checkinstall@1.6.2%2Bgit20170426.d24a630-5.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/checkinstall@1.6.2%252Bgit20170426.d24a630-5.1%3Fdistro=trixie

Affected_packages

url pkg:deb/debian/checkinstall@1.5.3-3

purl pkg:deb/debian/checkinstall@1.5.3-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-e7c1-q4cj-sycv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/checkinstall@1.5.3-3

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2008-2958

reference_id

reference_type

scores

value	0.00051
scoring_system	epss
scoring_elements	0.16168
published_at	2026-06-11T12:55:00Z

value	0.00051
scoring_system	epss
scoring_elements	0.16311
published_at	2026-06-12T12:55:00Z

value	0.00051
scoring_system	epss
scoring_elements	0.16323
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2008-2958

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2958
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2958

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=488140
reference_id	488140
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=488140

Weaknesses

Exploits

Severity_range_score null

Exploitability 0.5

Weighted_severity 0.0

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e7c1-q4cj-sycv

Vulnerability Instance