Search for packages
| purl | pkg:deb/debian/dpkg@1.17.13 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-bace-jatv-aaac
Aliases: CVE-2015-0860 |
Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which triggers a stack-based buffer overflow. |
Affected by 3 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-eenk-p5sk-aaac
Aliases: CVE-2015-0840 |
The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc). |
Affected by 3 other vulnerabilities. |
|
VCID-hy4s-c76f-aaak
Aliases: CVE-2022-1664 |
Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs. |
Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
|
VCID-v1fh-mtmc-aaab
Aliases: CVE-2017-8283 |
dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD. |
Affected by 1 other vulnerability. |
|
VCID-v83g-rs1y-aaaq
Aliases: CVE-2014-8625 |
Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name. |
Affected by 3 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-21T14:55:29.613206+00:00 | Debian Oval Importer | Affected by | VCID-hy4s-c76f-aaak | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T13:42:24.829179+00:00 | Debian Oval Importer | Affected by | VCID-v83g-rs1y-aaaq | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T13:32:08.271486+00:00 | Debian Oval Importer | Affected by | VCID-bace-jatv-aaac | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T13:16:42.004999+00:00 | Debian Oval Importer | Affected by | VCID-eenk-p5sk-aaac | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T12:30:28.455925+00:00 | Debian Oval Importer | Affected by | VCID-v1fh-mtmc-aaab | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T09:36:02.842736+00:00 | Debian Oval Importer | Affected by | VCID-bace-jatv-aaac | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 36.1.3 |
| 2025-06-21T01:19:01.537641+00:00 | Debian Oval Importer | Affected by | VCID-hy4s-c76f-aaak | None | 36.1.3 |
| 2025-06-20T22:05:52.038005+00:00 | Debian Oval Importer | Affected by | VCID-v83g-rs1y-aaaq | None | 36.1.3 |
| 2025-06-20T21:28:45.010937+00:00 | Debian Oval Importer | Affected by | VCID-v1fh-mtmc-aaab | None | 36.1.3 |
| 2025-06-20T21:12:06.683750+00:00 | Debian Oval Importer | Affected by | VCID-eenk-p5sk-aaac | None | 36.1.3 |
| 2025-06-20T19:50:15.797771+00:00 | Debian Oval Importer | Affected by | VCID-bace-jatv-aaac | None | 36.1.3 |
| 2025-06-08T07:48:58.015454+00:00 | Debian Oval Importer | Affected by | VCID-hy4s-c76f-aaak | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T06:36:37.669667+00:00 | Debian Oval Importer | Affected by | VCID-v83g-rs1y-aaaq | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T06:26:10.967943+00:00 | Debian Oval Importer | Affected by | VCID-bace-jatv-aaac | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T06:11:20.791513+00:00 | Debian Oval Importer | Affected by | VCID-eenk-p5sk-aaac | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T05:29:55.677757+00:00 | Debian Oval Importer | Affected by | VCID-v1fh-mtmc-aaab | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T03:24:38.971645+00:00 | Debian Oval Importer | Affected by | VCID-bace-jatv-aaac | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 36.1.0 |
| 2025-06-07T18:41:47.457621+00:00 | Debian Oval Importer | Affected by | VCID-hy4s-c76f-aaak | None | 36.1.0 |
| 2025-06-07T15:29:43.771534+00:00 | Debian Oval Importer | Affected by | VCID-v83g-rs1y-aaaq | None | 36.1.0 |
| 2025-06-07T14:51:24.992776+00:00 | Debian Oval Importer | Affected by | VCID-v1fh-mtmc-aaab | None | 36.1.0 |
| 2025-06-07T14:36:44.732809+00:00 | Debian Oval Importer | Affected by | VCID-eenk-p5sk-aaac | None | 36.1.0 |
| 2025-06-07T13:41:45.923156+00:00 | Debian Oval Importer | Affected by | VCID-bace-jatv-aaac | None | 36.1.0 |
| 2025-04-12T22:12:14.467287+00:00 | Debian Oval Importer | Affected by | VCID-eenk-p5sk-aaac | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T22:08:11.930135+00:00 | Debian Oval Importer | Affected by | VCID-hy4s-c76f-aaak | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T21:42:52.946109+00:00 | Debian Oval Importer | Affected by | VCID-v83g-rs1y-aaaq | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T20:43:07.590072+00:00 | Debian Oval Importer | Affected by | VCID-bace-jatv-aaac | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T19:50:25.675248+00:00 | Debian Oval Importer | Affected by | VCID-v1fh-mtmc-aaab | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-08T06:21:24.570051+00:00 | Debian Oval Importer | Affected by | VCID-hy4s-c76f-aaak | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T05:08:58.383368+00:00 | Debian Oval Importer | Affected by | VCID-v83g-rs1y-aaaq | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T04:58:29.545182+00:00 | Debian Oval Importer | Affected by | VCID-bace-jatv-aaac | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T04:43:25.533428+00:00 | Debian Oval Importer | Affected by | VCID-eenk-p5sk-aaac | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T04:01:11.831376+00:00 | Debian Oval Importer | Affected by | VCID-v1fh-mtmc-aaab | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T01:52:02.342589+00:00 | Debian Oval Importer | Affected by | VCID-bace-jatv-aaac | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 36.0.0 |
| 2025-04-07T17:19:35.789883+00:00 | Debian Oval Importer | Affected by | VCID-hy4s-c76f-aaak | None | 36.0.0 |
| 2025-04-07T14:00:48.190811+00:00 | Debian Oval Importer | Affected by | VCID-v83g-rs1y-aaaq | None | 36.0.0 |
| 2025-04-07T13:23:25.222984+00:00 | Debian Oval Importer | Affected by | VCID-v1fh-mtmc-aaab | None | 36.0.0 |
| 2025-04-07T13:08:52.943672+00:00 | Debian Oval Importer | Affected by | VCID-eenk-p5sk-aaac | None | 36.0.0 |
| 2025-04-07T12:17:04.459683+00:00 | Debian Oval Importer | Affected by | VCID-bace-jatv-aaac | None | 36.0.0 |