VulnerableCode Package Details - pkg:deb/ubuntu/dpkg@1.17.5ubuntu5.3

Search for packages

Package details: pkg:deb/ubuntu/dpkg@1.17.5ubuntu5.3

Essentials
History (0)

purl	pkg:deb/ubuntu/dpkg@1.17.5ubuntu5.3

Next non-vulnerable version	1.18.24ubuntu1
Latest non-vulnerable version	1.18.24ubuntu1
Risk	4.4

Vulnerabilities affecting this package (4)

Vulnerability	Summary	Fixed by
VCID-bace-jatv-aaac Aliases: CVE-2015-0860	Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which triggers a stack-based buffer overflow.	1.17.5ubuntu5.5 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-eenk-p5sk-aaac Aliases: CVE-2015-0840	The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc).	1.17.5ubuntu5.4 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-v1fh-mtmc-aaab Aliases: CVE-2017-8283	dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD.	1.18.24ubuntu1 Affected by 0 other vulnerabilities.
VCID-v83g-rs1y-aaaq Aliases: CVE-2014-8625	Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name.	1.17.24ubuntu1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (2)

Vulnerability	Summary	Aliases
VCID-kf6s-2qxb-aaah	Multiple directory traversal vulnerabilities in dpkg-source in dpkg-dev 1.3.0 allow remote attackers to modify files outside of the intended directories via a source package with a crafted Index: pseudo-header in conjunction with (1) missing --- and +++ header lines or (2) a +++ header line with a blank pathname.	CVE-2014-3865
VCID-kmuh-62us-aaas	Directory traversal vulnerability in dpkg-source in dpkg-dev 1.3.0 allows remote attackers to modify files outside of the intended directories via a crafted source package that lacks a --- header line.	CVE-2014-3864

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version