Search for packages
Package details: pkg:deb/debian/dpkg@1.17.27
purl pkg:deb/debian/dpkg@1.17.27
Next non-vulnerable version 1.20.13
Latest non-vulnerable version 1.20.13
Risk 4.4
Vulnerabilities affecting this package (3)
Vulnerability Summary Fixed by
VCID-bace-jatv-aaac
Aliases:
CVE-2015-0860
Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which triggers a stack-based buffer overflow.
1.18.24
Affected by 1 other vulnerability.
VCID-hy4s-c76f-aaak
Aliases:
CVE-2022-1664
Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs.
1.19.8
Affected by 1 other vulnerability.
1.20.13
Affected by 0 other vulnerabilities.
VCID-v1fh-mtmc-aaab
Aliases:
CVE-2017-8283
dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD.
1.18.24
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-bace-jatv-aaac Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which triggers a stack-based buffer overflow. CVE-2015-0860

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-21T14:55:29.617760+00:00 Debian Oval Importer Affected by VCID-hy4s-c76f-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:32:08.276189+00:00 Debian Oval Importer Affected by VCID-bace-jatv-aaac https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T12:30:28.460209+00:00 Debian Oval Importer Affected by VCID-v1fh-mtmc-aaab https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T09:36:02.846530+00:00 Debian Oval Importer Fixing VCID-bace-jatv-aaac https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.1.3
2025-06-21T01:19:01.542512+00:00 Debian Oval Importer Affected by VCID-hy4s-c76f-aaak None 36.1.3
2025-06-20T21:44:19.990812+00:00 Debian Oval Importer Affected by VCID-bace-jatv-aaac None 36.1.3
2025-06-20T21:28:45.014060+00:00 Debian Oval Importer Affected by VCID-v1fh-mtmc-aaab None 36.1.3
2025-06-20T19:50:15.801572+00:00 Debian Oval Importer Fixing VCID-bace-jatv-aaac None 36.1.3
2025-06-08T07:48:58.019047+00:00 Debian Oval Importer Affected by VCID-hy4s-c76f-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T06:26:10.970909+00:00 Debian Oval Importer Affected by VCID-bace-jatv-aaac https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T05:29:55.680813+00:00 Debian Oval Importer Affected by VCID-v1fh-mtmc-aaab https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T03:24:38.974700+00:00 Debian Oval Importer Fixing VCID-bace-jatv-aaac https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.1.0
2025-06-07T18:41:47.461597+00:00 Debian Oval Importer Affected by VCID-hy4s-c76f-aaak None 36.1.0
2025-06-07T15:07:17.211217+00:00 Debian Oval Importer Affected by VCID-bace-jatv-aaac None 36.1.0
2025-06-07T14:51:24.995854+00:00 Debian Oval Importer Affected by VCID-v1fh-mtmc-aaab None 36.1.0
2025-06-07T13:41:45.926769+00:00 Debian Oval Importer Fixing VCID-bace-jatv-aaac None 36.1.0
2025-04-12T22:08:11.940320+00:00 Debian Oval Importer Affected by VCID-hy4s-c76f-aaak https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T20:43:07.600006+00:00 Debian Oval Importer Affected by VCID-bace-jatv-aaac https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T19:50:25.685635+00:00 Debian Oval Importer Affected by VCID-v1fh-mtmc-aaab https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-08T06:21:24.579675+00:00 Debian Oval Importer Affected by VCID-hy4s-c76f-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T04:58:29.555300+00:00 Debian Oval Importer Affected by VCID-bace-jatv-aaac https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T04:01:11.841127+00:00 Debian Oval Importer Affected by VCID-v1fh-mtmc-aaab https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T01:52:02.352651+00:00 Debian Oval Importer Fixing VCID-bace-jatv-aaac https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.0.0
2025-04-07T17:19:35.800576+00:00 Debian Oval Importer Affected by VCID-hy4s-c76f-aaak None 36.0.0
2025-04-07T13:39:02.508997+00:00 Debian Oval Importer Affected by VCID-bace-jatv-aaac None 36.0.0
2025-04-07T13:23:25.233664+00:00 Debian Oval Importer Affected by VCID-v1fh-mtmc-aaab None 36.0.0
2025-04-07T12:17:04.472665+00:00 Debian Oval Importer Fixing VCID-bace-jatv-aaac None 36.0.0