VulnerableCode Package Details - pkg:deb/debian/dpkg@1.17.25

Search for packages

Package details: pkg:deb/debian/dpkg@1.17.25

Essentials
History (38)

purl	pkg:deb/debian/dpkg@1.17.25

Next non-vulnerable version	1.20.13
Latest non-vulnerable version	1.20.13
Risk	4.4

Vulnerabilities affecting this package (3)

Vulnerability	Summary	Fixed by
VCID-bace-jatv-aaac Aliases: CVE-2015-0860	Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which triggers a stack-based buffer overflow.	1.17.27 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 1.18.24 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-hy4s-c76f-aaak Aliases: CVE-2022-1664	Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs.	1.19.8 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 1.20.13 Affected by 0 other vulnerabilities.
VCID-v1fh-mtmc-aaab Aliases: CVE-2017-8283	dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD.	1.18.24 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-bace-jatv-aaac
Aliases:
CVE-2015-0860

Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which triggers a stack-based buffer overflow.

1.17.27
Affected by 3 other vulnerabilities.

1.18.24
Affected by 1 other vulnerability.

VCID-hy4s-c76f-aaak
Aliases:
CVE-2022-1664

Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs.

1.19.8
Affected by 1 other vulnerability.

1.20.13
Affected by 0 other vulnerabilities.

VCID-v1fh-mtmc-aaab
Aliases:
CVE-2017-8283

dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD.

1.18.24
Affected by 1 other vulnerability.

Vulnerabilities fixed by this package (2)

Vulnerability	Summary	Aliases
VCID-eenk-p5sk-aaac	The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc).	CVE-2015-0840
VCID-v83g-rs1y-aaaq	Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name.	CVE-2014-8625

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-21T14:55:29.615544+00:00	Debian Oval Importer	Affected by	VCID-hy4s-c76f-aaak	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T13:42:24.831068+00:00	Debian Oval Importer	Fixing	VCID-v83g-rs1y-aaaq	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T13:32:08.273814+00:00	Debian Oval Importer	Affected by	VCID-bace-jatv-aaac	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T13:16:42.007390+00:00	Debian Oval Importer	Fixing	VCID-eenk-p5sk-aaac	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T12:30:28.458042+00:00	Debian Oval Importer	Affected by	VCID-v1fh-mtmc-aaab	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T09:36:02.844610+00:00	Debian Oval Importer	Affected by	VCID-bace-jatv-aaac	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.3
2025-06-21T01:19:01.539828+00:00	Debian Oval Importer	Affected by	VCID-hy4s-c76f-aaak	None	36.1.3
2025-06-20T22:05:52.040219+00:00	Debian Oval Importer	Fixing	VCID-v83g-rs1y-aaaq	None	36.1.3
2025-06-20T21:28:45.012508+00:00	Debian Oval Importer	Affected by	VCID-v1fh-mtmc-aaab	None	36.1.3
2025-06-20T21:12:06.685367+00:00	Debian Oval Importer	Fixing	VCID-eenk-p5sk-aaac	None	36.1.3
2025-06-20T19:50:15.799674+00:00	Debian Oval Importer	Affected by	VCID-bace-jatv-aaac	None	36.1.3
2025-06-08T07:48:58.017227+00:00	Debian Oval Importer	Affected by	VCID-hy4s-c76f-aaak	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T06:36:37.671193+00:00	Debian Oval Importer	Fixing	VCID-v83g-rs1y-aaaq	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T06:26:10.969436+00:00	Debian Oval Importer	Affected by	VCID-bace-jatv-aaac	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T06:11:20.793058+00:00	Debian Oval Importer	Fixing	VCID-eenk-p5sk-aaac	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T05:29:55.679326+00:00	Debian Oval Importer	Affected by	VCID-v1fh-mtmc-aaab	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T03:24:38.973158+00:00	Debian Oval Importer	Affected by	VCID-bace-jatv-aaac	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.0
2025-06-07T18:41:47.460028+00:00	Debian Oval Importer	Affected by	VCID-hy4s-c76f-aaak	None	36.1.0
2025-06-07T15:29:43.773607+00:00	Debian Oval Importer	Fixing	VCID-v83g-rs1y-aaaq	None	36.1.0
2025-06-07T14:51:24.994338+00:00	Debian Oval Importer	Affected by	VCID-v1fh-mtmc-aaab	None	36.1.0
2025-06-07T14:36:44.734811+00:00	Debian Oval Importer	Fixing	VCID-eenk-p5sk-aaac	None	36.1.0
2025-06-07T13:41:45.924954+00:00	Debian Oval Importer	Affected by	VCID-bace-jatv-aaac	None	36.1.0
2025-04-12T22:12:14.472345+00:00	Debian Oval Importer	Fixing	VCID-eenk-p5sk-aaac	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T22:08:11.935237+00:00	Debian Oval Importer	Affected by	VCID-hy4s-c76f-aaak	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T21:42:52.951017+00:00	Debian Oval Importer	Fixing	VCID-v83g-rs1y-aaaq	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T20:43:07.595122+00:00	Debian Oval Importer	Affected by	VCID-bace-jatv-aaac	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T19:50:25.680581+00:00	Debian Oval Importer	Affected by	VCID-v1fh-mtmc-aaab	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-08T06:21:24.574888+00:00	Debian Oval Importer	Affected by	VCID-hy4s-c76f-aaak	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T05:08:58.388441+00:00	Debian Oval Importer	Fixing	VCID-v83g-rs1y-aaaq	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T04:58:29.550239+00:00	Debian Oval Importer	Affected by	VCID-bace-jatv-aaac	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T04:43:25.538227+00:00	Debian Oval Importer	Fixing	VCID-eenk-p5sk-aaac	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T04:01:11.836253+00:00	Debian Oval Importer	Affected by	VCID-v1fh-mtmc-aaab	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T01:52:02.347586+00:00	Debian Oval Importer	Affected by	VCID-bace-jatv-aaac	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.0.0
2025-04-07T17:19:35.795224+00:00	Debian Oval Importer	Affected by	VCID-hy4s-c76f-aaak	None	36.0.0
2025-04-07T14:00:48.196087+00:00	Debian Oval Importer	Fixing	VCID-v83g-rs1y-aaaq	None	36.0.0
2025-04-07T13:23:25.228271+00:00	Debian Oval Importer	Affected by	VCID-v1fh-mtmc-aaab	None	36.0.0
2025-04-07T13:08:52.949420+00:00	Debian Oval Importer	Fixing	VCID-eenk-p5sk-aaac	None	36.0.0
2025-04-07T12:17:04.466020+00:00	Debian Oval Importer	Affected by	VCID-bace-jatv-aaac	None	36.0.0