{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/205396?format=json","vulnerability_id":"VCID-z5zw-v8zf-ufbz","summary":"dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD.","aliases":[{"alias":"CVE-2017-8283"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38279?format=json","purl":"pkg:deb/debian/dpkg@1.18.24?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dpkg@1.18.24%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1079009?format=json","purl":"pkg:deb/debian/dpkg@1.18.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-du4d-dg1m-eqda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dpkg@1.18.24"},{"url":"http://public2.vulnerablecode.io/api/packages/38241?format=json","purl":"pkg:deb/debian/dpkg@1.20.13?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gt5d-1fnh-5bfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dpkg@1.20.13%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/38239?format=json","purl":"pkg:deb/debian/dpkg@1.21.23?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dpkg@1.21.23%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/38244?format=json","purl":"pkg:deb/debian/dpkg@1.22.22?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dpkg@1.22.22%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/38243?format=json","purl":"pkg:deb/debian/dpkg@1.23.7?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dpkg@1.23.7%3Fdistro=trixie"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1072234?format=json","purl":"pkg:deb/debian/dpkg@1.4.0.23.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ntc-urq5-gqfw"},{"vulnerability":"VCID-1nye-sjkv-7yh3"},{"vulnerability":"VCID-2ztp-va25-bkaa"},{"vulnerability":"VCID-51m7-h55d-x3ax"},{"vulnerability":"VCID-6cze-4zrp-4yfr"},{"vulnerability":"VCID-7k2y-78yf-z7gx"},{"vulnerability":"VCID-btgp-dyxb-mued"},{"vulnerability":"VCID-bw2n-ubwc-jqa1"},{"vulnerability":"VCID-du4d-dg1m-eqda"},{"vulnerability":"VCID-fz7g-epw9-w7bd"},{"vulnerability":"VCID-rsun-gwng-8uhr"},{"vulnerability":"VCID-rwn6-awv7-hubb"},{"vulnerability":"VCID-xxem-cb1w-3uap"},{"vulnerability":"VCID-ybxa-yfpv-ukga"},{"vulnerability":"VCID-z5zw-v8zf-ufbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dpkg@1.4.0.23.2"},{"url":"http://public2.vulnerablecode.io/api/packages/1072235?format=json","purl":"pkg:deb/debian/dpkg@1.4.0.35","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ntc-urq5-gqfw"},{"vulnerability":"VCID-1nye-sjkv-7yh3"},{"vulnerability":"VCID-2ztp-va25-bkaa"},{"vulnerability":"VCID-51m7-h55d-x3ax"},{"vulnerability":"VCID-6cze-4zrp-4yfr"},{"vulnerability":"VCID-7k2y-78yf-z7gx"},{"vulnerability":"VCID-btgp-dyxb-mued"},{"vulnerability":"VCID-bw2n-ubwc-jqa1"},{"vulnerability":"VCID-du4d-dg1m-eqda"},{"vulnerability":"VCID-fz7g-epw9-w7bd"},{"vulnerability":"VCID-rsun-gwng-8uhr"},{"vulnerability":"VCID-rwn6-awv7-hubb"},{"vulnerability":"VCID-xxem-cb1w-3uap"},{"vulnerability":"VCID-ybxa-yfpv-ukga"},{"vulnerability":"VCID-z5zw-v8zf-ufbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dpkg@1.4.0.35"},{"url":"http://public2.vulnerablecode.io/api/packages/1072236?format=json","purl":"pkg:deb/debian/dpkg@1.6.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ntc-urq5-gqfw"},{"vulnerability":"VCID-1nye-sjkv-7yh3"},{"vulnerability":"VCID-2ztp-va25-bkaa"},{"vulnerability":"VCID-51m7-h55d-x3ax"},{"vulnerability":"VCID-6cze-4zrp-4yfr"},{"vulnerability":"VCID-7k2y-78yf-z7gx"},{"vulnerability":"VCID-btgp-dyxb-mued"},{"vulnerability":"VCID-bw2n-ubwc-jqa1"},{"vulnerability":"VCID-du4d-dg1m-eqda"},{"vulnerability":"VCID-fz7g-epw9-w7bd"},{"vulnerability":"VCID-rsun-gwng-8uhr"},{"vulnerability":"VCID-rwn6-awv7-hubb"},{"vulnerability":"VCID-xxem-cb1w-3uap"},{"vulnerability":"VCID-ybxa-yfpv-ukga"},{"vulnerability":"VCID-z5zw-v8zf-ufbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dpkg@1.6.15"},{"url":"http://public2.vulnerablecode.io/api/packages/1072237?format=json","purl":"pkg:deb/debian/dpkg@1.9.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ntc-urq5-gqfw"},{"vulnerability":"VCID-1nye-sjkv-7yh3"},{"vulnerability":"VCID-2ztp-va25-bkaa"},{"vulnerability":"VCID-51m7-h55d-x3ax"},{"vulnerability":"VCID-6cze-4zrp-4yfr"},{"vulnerability":"VCID-7k2y-78yf-z7gx"},{"vulnerability":"VCID-btgp-dyxb-mued"},{"vulnerability":"VCID-bw2n-ubwc-jqa1"},{"vulnerability":"VCID-du4d-dg1m-eqda"},{"vulnerability":"VCID-fz7g-epw9-w7bd"},{"vulnerability":"VCID-rsun-gwng-8uhr"},{"vulnerability":"VCID-rwn6-awv7-hubb"},{"vulnerability":"VCID-xxem-cb1w-3uap"},{"vulnerability":"VCID-ybxa-yfpv-ukga"},{"vulnerability":"VCID-z5zw-v8zf-ufbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dpkg@1.9.21"},{"url":"http://public2.vulnerablecode.io/api/packages/1072238?format=json","purl":"pkg:deb/debian/dpkg@1.10.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ntc-urq5-gqfw"},{"vulnerability":"VCID-1nye-sjkv-7yh3"},{"vulnerability":"VCID-2ztp-va25-bkaa"},{"vulnerability":"VCID-51m7-h55d-x3ax"},{"vulnerability":"VCID-6cze-4zrp-4yfr"},{"vulnerability":"VCID-7k2y-78yf-z7gx"},{"vulnerability":"VCID-btgp-dyxb-mued"},{"vulnerability":"VCID-bw2n-ubwc-jqa1"},{"vulnerability":"VCID-du4d-dg1m-eqda"},{"vulnerability":"VCID-fz7g-epw9-w7bd"},{"vulnerability":"VCID-rwn6-awv7-hubb"},{"vulnerability":"VCID-xxem-cb1w-3uap"},{"vulnerability":"VCID-ybxa-yfpv-ukga"},{"vulnerability":"VCID-z5zw-v8zf-ufbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dpkg@1.10.28"},{"url":"http://public2.vulnerablecode.io/api/packages/1072239?format=json","purl":"pkg:deb/debian/dpkg@1.13.25","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nye-sjkv-7yh3"},{"vulnerability":"VCID-2ztp-va25-bkaa"},{"vulnerability":"VCID-51m7-h55d-x3ax"},{"vulnerability":"VCID-6cze-4zrp-4yfr"},{"vulnerability":"VCID-7k2y-78yf-z7gx"},{"vulnerability":"VCID-btgp-dyxb-mued"},{"vulnerability":"VCID-bw2n-ubwc-jqa1"},{"vulnerability":"VCID-du4d-dg1m-eqda"},{"vulnerability":"VCID-fz7g-epw9-w7bd"},{"vulnerability":"VCID-rwn6-awv7-hubb"},{"vulnerability":"VCID-xxem-cb1w-3uap"},{"vulnerability":"VCID-ybxa-yfpv-ukga"},{"vulnerability":"VCID-z5zw-v8zf-ufbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dpkg@1.13.25"},{"url":"http://public2.vulnerablecode.io/api/packages/1072240?format=json","purl":"pkg:deb/debian/dpkg@1.13.26","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nye-sjkv-7yh3"},{"vulnerability":"VCID-2ztp-va25-bkaa"},{"vulnerability":"VCID-51m7-h55d-x3ax"},{"vulnerability":"VCID-6cze-4zrp-4yfr"},{"vulnerability":"VCID-7k2y-78yf-z7gx"},{"vulnerability":"VCID-btgp-dyxb-mued"},{"vulnerability":"VCID-bw2n-ubwc-jqa1"},{"vulnerability":"VCID-du4d-dg1m-eqda"},{"vulnerability":"VCID-fz7g-epw9-w7bd"},{"vulnerability":"VCID-rwn6-awv7-hubb"},{"vulnerability":"VCID-xxem-cb1w-3uap"},{"vulnerability":"VCID-ybxa-yfpv-ukga"},{"vulnerability":"VCID-z5zw-v8zf-ufbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dpkg@1.13.26"},{"url":"http://public2.vulnerablecode.io/api/packages/1072241?format=json","purl":"pkg:deb/debian/dpkg@1.14.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nye-sjkv-7yh3"},{"vulnerability":"VCID-2ztp-va25-bkaa"},{"vulnerability":"VCID-51m7-h55d-x3ax"},{"vulnerability":"VCID-6cze-4zrp-4yfr"},{"vulnerability":"VCID-7k2y-78yf-z7gx"},{"vulnerability":"VCID-btgp-dyxb-mued"},{"vulnerability":"VCID-bw2n-ubwc-jqa1"},{"vulnerability":"VCID-du4d-dg1m-eqda"},{"vulnerability":"VCID-fz7g-epw9-w7bd"},{"vulnerability":"VCID-rwn6-awv7-hubb"},{"vulnerability":"VCID-xxem-cb1w-3uap"},{"vulnerability":"VCID-ybxa-yfpv-ukga"},{"vulnerability":"VCID-z5zw-v8zf-ufbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dpkg@1.14.31"},{"url":"http://public2.vulnerablecode.io/api/packages/1072242?format=json","purl":"pkg:deb/debian/dpkg@1.15.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nye-sjkv-7yh3"},{"vulnerability":"VCID-2ztp-va25-bkaa"},{"vulnerability":"VCID-51m7-h55d-x3ax"},{"vulnerability":"VCID-7k2y-78yf-z7gx"},{"vulnerability":"VCID-bw2n-ubwc-jqa1"},{"vulnerability":"VCID-du4d-dg1m-eqda"},{"vulnerability":"VCID-fz7g-epw9-w7bd"},{"vulnerability":"VCID-rwn6-awv7-hubb"},{"vulnerability":"VCID-ybxa-yfpv-ukga"},{"vulnerability":"VCID-z5zw-v8zf-ufbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dpkg@1.15.11"},{"url":"http://public2.vulnerablecode.io/api/packages/1072243?format=json","purl":"pkg:deb/debian/dpkg@1.15.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nye-sjkv-7yh3"},{"vulnerability":"VCID-2ztp-va25-bkaa"},{"vulnerability":"VCID-51m7-h55d-x3ax"},{"vulnerability":"VCID-7k2y-78yf-z7gx"},{"vulnerability":"VCID-bw2n-ubwc-jqa1"},{"vulnerability":"VCID-du4d-dg1m-eqda"},{"vulnerability":"VCID-fz7g-epw9-w7bd"},{"vulnerability":"VCID-rwn6-awv7-hubb"},{"vulnerability":"VCID-ybxa-yfpv-ukga"},{"vulnerability":"VCID-z5zw-v8zf-ufbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dpkg@1.15.12"},{"url":"http://public2.vulnerablecode.io/api/packages/1072244?format=json","purl":"pkg:deb/debian/dpkg@1.16.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nye-sjkv-7yh3"},{"vulnerability":"VCID-2ztp-va25-bkaa"},{"vulnerability":"VCID-51m7-h55d-x3ax"},{"vulnerability":"VCID-7k2y-78yf-z7gx"},{"vulnerability":"VCID-bw2n-ubwc-jqa1"},{"vulnerability":"VCID-du4d-dg1m-eqda"},{"vulnerability":"VCID-fz7g-epw9-w7bd"},{"vulnerability":"VCID-rwn6-awv7-hubb"},{"vulnerability":"VCID-ybxa-yfpv-ukga"},{"vulnerability":"VCID-z5zw-v8zf-ufbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dpkg@1.16.18"},{"url":"http://public2.vulnerablecode.io/api/packages/1074262?format=json","purl":"pkg:deb/debian/dpkg@1.17.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-51m7-h55d-x3ax"},{"vulnerability":"VCID-7k2y-78yf-z7gx"},{"vulnerability":"VCID-du4d-dg1m-eqda"},{"vulnerability":"VCID-rwn6-awv7-hubb"},{"vulnerability":"VCID-z5zw-v8zf-ufbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dpkg@1.17.10"},{"url":"http://public2.vulnerablecode.io/api/packages/1074263?format=json","purl":"pkg:deb/debian/dpkg@1.17.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-51m7-h55d-x3ax"},{"vulnerability":"VCID-7k2y-78yf-z7gx"},{"vulnerability":"VCID-du4d-dg1m-eqda"},{"vulnerability":"VCID-rwn6-awv7-hubb"},{"vulnerability":"VCID-z5zw-v8zf-ufbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dpkg@1.17.12"},{"url":"http://public2.vulnerablecode.io/api/packages/1074264?format=json","purl":"pkg:deb/debian/dpkg@1.17.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-51m7-h55d-x3ax"},{"vulnerability":"VCID-7k2y-78yf-z7gx"},{"vulnerability":"VCID-du4d-dg1m-eqda"},{"vulnerability":"VCID-rwn6-awv7-hubb"},{"vulnerability":"VCID-z5zw-v8zf-ufbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dpkg@1.17.13"},{"url":"http://public2.vulnerablecode.io/api/packages/1074265?format=json","purl":"pkg:deb/debian/dpkg@1.17.25","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-51m7-h55d-x3ax"},{"vulnerability":"VCID-du4d-dg1m-eqda"},{"vulnerability":"VCID-z5zw-v8zf-ufbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dpkg@1.17.25"},{"url":"http://public2.vulnerablecode.io/api/packages/1074266?format=json","purl":"pkg:deb/debian/dpkg@1.17.27","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-51m7-h55d-x3ax"},{"vulnerability":"VCID-du4d-dg1m-eqda"},{"vulnerability":"VCID-z5zw-v8zf-ufbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dpkg@1.17.27"}],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-8283","reference_id":"","reference_type":"","scores":[{"value":"0.0107","scoring_system":"epss","scoring_elements":"0.78141","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0107","scoring_system":"epss","scoring_elements":"0.78209","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0107","scoring_system":"epss","scoring_elements":"0.78223","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0107","scoring_system":"epss","scoring_elements":"0.78218","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-8283"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8283","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8283"}],"weaknesses":[],"exploits":[],"severity_range_score":null,"exploitability":"0.5","weighted_severity":"0.0","risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z5zw-v8zf-ufbz"}