Search for packages
| purl | pkg:deb/debian/dpkg@1.20.13 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1786-vddy-dfbz
Aliases: CVE-2025-6297 |
It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-xxdx-hfvz-tfaf | A vulnerability has been discovered in dpkg, which allows for directory traversal. |
CVE-2022-1664
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-16T08:41:47.555982+00:00 | Debian Importer | Affected by | VCID-1786-vddy-dfbz | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-16T00:19:15.122485+00:00 | Debian Oval Importer | Fixing | VCID-xxdx-hfvz-tfaf | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 38.4.0 |
| 2026-04-11T23:52:52.944831+00:00 | Debian Oval Importer | Fixing | VCID-xxdx-hfvz-tfaf | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 38.3.0 |
| 2026-04-11T17:50:39.466394+00:00 | Debian Importer | Affected by | VCID-1786-vddy-dfbz | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-08T23:24:48.430465+00:00 | Debian Oval Importer | Fixing | VCID-xxdx-hfvz-tfaf | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 38.1.0 |
| 2026-04-02T17:02:22.097825+00:00 | Debian Importer | Affected by | VCID-1786-vddy-dfbz | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |