CVE-2017-8283

dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.openwall.com/lists/oss-security/2017/04/20/2	Mailing List Patch Third Party Advisory
http://www.securityfocus.com/bid/98064	Third Party Advisory VDB Entry
http://www.openwall.com/lists/oss-security/2017/04/20/2	Mailing List Patch Third Party Advisory
http://www.securityfocus.com/bid/98064	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:debian:dpkg:1.3.0:::::::*
	cpe:2.3:a:debian:dpkg:1.3.1:::::::*
	cpe:2.3:a:debian:dpkg:1.3.2:::::::*
	cpe:2.3:a:debian:dpkg:1.3.3:::::::*
	cpe:2.3:a:debian:dpkg:1.3.4:::::::*
	cpe:2.3:a:debian:dpkg:1.3.5:::::::*
	cpe:2.3:a:debian:dpkg:1.3.6:::::::*
	cpe:2.3:a:debian:dpkg:1.3.7:::::::*
	cpe:2.3:a:debian:dpkg:1.3.8:::::::*
	cpe:2.3:a:debian:dpkg:1.3.9:::::::*
	cpe:2.3:a:debian:dpkg:1.3.10:::::::*
	cpe:2.3:a:debian:dpkg:1.3.11:::::::*
	cpe:2.3:a:debian:dpkg:1.3.12:::::::*
	cpe:2.3:a:debian:dpkg:1.3.13:::::::*
	cpe:2.3:a:debian:dpkg:1.3.14:::::::*
	cpe:2.3:a:debian:dpkg:1.4.0:::::::*
	cpe:2.3:a:debian:dpkg:1.4.0.1:::::::*
	cpe:2.3:a:debian:dpkg:1.4.0.2:::::::*
	cpe:2.3:a:debian:dpkg:1.4.0.3:::::::*
	cpe:2.3:a:debian:dpkg:1.4.0.4:::::::*
	cpe:2.3:a:debian:dpkg:1.4.0.5:::::::*
	cpe:2.3:a:debian:dpkg:1.4.0.6:::::::*
	cpe:2.3:a:debian:dpkg:1.4.0.7:::::::*
	cpe:2.3:a:debian:dpkg:1.4.0.8:::::::*
	cpe:2.3:a:debian:dpkg:1.4.0.9:::::::*
	cpe:2.3:a:debian:dpkg:1.4.0.10:::::::*
	cpe:2.3:a:debian:dpkg:1.4.0.11:::::::*
	cpe:2.3:a:debian:dpkg:1.4.0.12:::::::*
	cpe:2.3:a:debian:dpkg:1.4.0.13:::::::*
	cpe:2.3:a:debian:dpkg:1.4.0.14:::::::*
	cpe:2.3:a:debian:dpkg:1.4.0.15:::::::*
	cpe:2.3:a:debian:dpkg:1.4.0.16:::::::*
	cpe:2.3:a:debian:dpkg:1.4.0.17:::::::*
	cpe:2.3:a:debian:dpkg:1.4.0.18:::::::*
	cpe:2.3:a:debian:dpkg:1.4.0.19:::::::*
	cpe:2.3:a:debian:dpkg:1.4.0.20:::::::*
	cpe:2.3:a:debian:dpkg:1.4.0.21:::::::*
	cpe:2.3:a:debian:dpkg:1.4.0.22:::::::*
	cpe:2.3:a:debian:dpkg:1.4.0.23:::::::*
	cpe:2.3:a:debian:dpkg:1.4.0.23.1:::::::*
	cpe:2.3:a:debian:dpkg:1.4.0.23.2:::::::*
	cpe:2.3:a:debian:dpkg:1.4.0.24:::::::*
	cpe:2.3:a:debian:dpkg:1.4.0.25:::::::*
	cpe:2.3:a:debian:dpkg:1.4.0.26:::::::*
	cpe:2.3:a:debian:dpkg:1.4.0.26.0.1:::::::*
	cpe:2.3:a:debian:dpkg:1.4.0.27:::::::*
	cpe:2.3:a:debian:dpkg:1.4.0.28:::::::*
	cpe:2.3:a:debian:dpkg:1.4.0.29:::::::*
	cpe:2.3:a:debian:dpkg:1.4.0.30:::::::*
	cpe:2.3:a:debian:dpkg:1.4.0.31:::::::*
	cpe:2.3:a:debian:dpkg:1.4.1:::::::*
	cpe:2.3:a:debian:dpkg:1.4.1.1:::::::*
	cpe:2.3:a:debian:dpkg:1.4.1.2:::::::*
	cpe:2.3:a:debian:dpkg:1.4.1.3:::::::*
	cpe:2.3:a:debian:dpkg:1.4.1.4:::::::*
	cpe:2.3:a:debian:dpkg:1.4.1.5:::::::*
	cpe:2.3:a:debian:dpkg:1.4.1.6:::::::*
	cpe:2.3:a:debian:dpkg:1.4.1.7:::::::*
	cpe:2.3:a:debian:dpkg:1.4.1.8:::::::*
	cpe:2.3:a:debian:dpkg:1.4.1.9:::::::*
	cpe:2.3:a:debian:dpkg:1.4.1.10:::::::*
	cpe:2.3:a:debian:dpkg:1.4.1.11:::::::*
	cpe:2.3:a:debian:dpkg:1.4.1.12:::::::*
	cpe:2.3:a:debian:dpkg:1.4.1.13:::::::*
cpe:2.3:a:debian:dpkg:1.4.1.14:::::::*
cpe:2.3:a:debian:dpkg:1.4.1.15:::::::*
cpe:2.3:a:debian:dpkg:1.4.1.16:::::::*
cpe:2.3:a:debian:dpkg:1.4.1.17:::::::*
cpe:2.3:a:debian:dpkg:1.4.1.18:::::::*
cpe:2.3:a:debian:dpkg:1.4.1.19:::::::*
cpe:2.3:a:debian:dpkg:1.6:::::::*
cpe:2.3:a:debian:dpkg:1.6.1:::::::*
cpe:2.3:a:debian:dpkg:1.6.2:::::::*
cpe:2.3:a:debian:dpkg:1.6.3:::::::*
cpe:2.3:a:debian:dpkg:1.6.4:::::::*
cpe:2.3:a:debian:dpkg:1.6.5:::::::*
cpe:2.3:a:debian:dpkg:1.6.6:::::::*
cpe:2.3:a:debian:dpkg:1.6.7:::::::*
cpe:2.3:a:debian:dpkg:1.6.8:::::::*
cpe:2.3:a:debian:dpkg:1.6.9:::::::*
cpe:2.3:a:debian:dpkg:1.6.10:::::::*
cpe:2.3:a:debian:dpkg:1.6.11:::::::*
cpe:2.3:a:debian:dpkg:1.6.12:::::::*
cpe:2.3:a:debian:dpkg:1.6.12.99:::::::*
cpe:2.3:a:debian:dpkg:1.6.13:::::::*
cpe:2.3:a:debian:dpkg:1.7.0:::::::*
cpe:2.3:a:debian:dpkg:1.7.1:::::::*
cpe:2.3:a:debian:dpkg:1.7.2:::::::*
cpe:2.3:a:debian:dpkg:1.8.0:::::::*
cpe:2.3:a:debian:dpkg:1.8.1:::::::*
cpe:2.3:a:debian:dpkg:1.8.1.1:::::::*
cpe:2.3:a:debian:dpkg:1.8.2:::::::*
cpe:2.3:a:debian:dpkg:1.8.3:::::::*
cpe:2.3:a:debian:dpkg:1.8.3.1:::::::*
cpe:2.3:a:debian:dpkg:1.9.0:::::::*
cpe:2.3:a:debian:dpkg:1.9.1:::::::*
cpe:2.3:a:debian:dpkg:1.9.2:::::::*
cpe:2.3:a:debian:dpkg:1.9.3:::::::*
cpe:2.3:a:debian:dpkg:1.9.4:::::::*
cpe:2.3:a:debian:dpkg:1.9.7:::::::*
cpe:2.3:a:debian:dpkg:1.9.8:::::::*
cpe:2.3:a:debian:dpkg:1.9.9:::::::*
cpe:2.3:a:debian:dpkg:1.9.10:::::::*
cpe:2.3:a:debian:dpkg:1.9.11:::::::*
cpe:2.3:a:debian:dpkg:1.9.12:::::::*
cpe:2.3:a:debian:dpkg:1.9.13:::::::*
cpe:2.3:a:debian:dpkg:1.9.14:::::::*
cpe:2.3:a:debian:dpkg:1.9.15:::::::*
cpe:2.3:a:debian:dpkg:1.9.16:::::::*
cpe:2.3:a:debian:dpkg:1.9.17:::::::*
cpe:2.3:a:debian:dpkg:1.9.18:::::::*
cpe:2.3:a:debian:dpkg:1.9.19:::::::*
cpe:2.3:a:debian:dpkg:1.9.20:::::::*
cpe:2.3:a:debian:dpkg:1.9.21:::::::*
cpe:2.3:a:debian:dpkg:1.10:::::::*
cpe:2.3:a:debian:dpkg:1.10.1:::::::*
cpe:2.3:a:debian:dpkg:1.10.2:::::::*
cpe:2.3:a:debian:dpkg:1.10.3:::::::*
cpe:2.3:a:debian:dpkg:1.10.4:::::::*
cpe:2.3:a:debian:dpkg:1.10.5:::::::*
cpe:2.3:a:debian:dpkg:1.10.6:::::::*
cpe:2.3:a:debian:dpkg:1.10.7:::::::*
cpe:2.3:a:debian:dpkg:1.10.8:::::::*
cpe:2.3:a:debian:dpkg:1.10.9:::::::*
cpe:2.3:a:debian:dpkg:1.10.10:::::::*
cpe:2.3:a:debian:dpkg:1.10.11:::::::*
cpe:2.3:a:debian:dpkg:1.10.12:::::::*
cpe:2.3:a:debian:dpkg:1.10.13:::::::*
cpe:2.3:a:debian:dpkg:1.10.14:::::::*
cpe:2.3:a:debian:dpkg:1.10.15:::::::*
cpe:2.3:a:debian:dpkg:1.10.16:::::::*
cpe:2.3:a:debian:dpkg:1.10.17:::::::*
cpe:2.3:a:debian:dpkg:1.10.18:::::::*
cpe:2.3:a:debian:dpkg:1.10.18.1:::::::*
cpe:2.3:a:debian:dpkg:1.10.19:::::::*
cpe:2.3:a:debian:dpkg:1.10.20:::::::*
cpe:2.3:a:debian:dpkg:1.10.21:::::::*
cpe:2.3:a:debian:dpkg:1.10.22:::::::*
cpe:2.3:a:debian:dpkg:1.10.23:::::::*
cpe:2.3:a:debian:dpkg:1.10.24:::::::*
cpe:2.3:a:debian:dpkg:1.10.25:::::::*
cpe:2.3:a:debian:dpkg:1.10.26:::::::*
cpe:2.3:a:debian:dpkg:1.10.27:::::::*
cpe:2.3:a:debian:dpkg:1.10.28:::::::*
cpe:2.3:a:debian:dpkg:1.13.0:::::::*
cpe:2.3:a:debian:dpkg:1.13.1:::::::*
cpe:2.3:a:debian:dpkg:1.13.2:::::::*
cpe:2.3:a:debian:dpkg:1.13.3:::::::*
cpe:2.3:a:debian:dpkg:1.13.4:::::::*
cpe:2.3:a:debian:dpkg:1.13.5:::::::*
cpe:2.3:a:debian:dpkg:1.13.6:::::::*
cpe:2.3:a:debian:dpkg:1.13.7:::::::*
cpe:2.3:a:debian:dpkg:1.13.8:::::::*
cpe:2.3:a:debian:dpkg:1.13.9:::::::*
cpe:2.3:a:debian:dpkg:1.13.10:::::::*
cpe:2.3:a:debian:dpkg:1.13.11:::::::*
cpe:2.3:a:debian:dpkg:1.13.11.1:::::::*
cpe:2.3:a:debian:dpkg:1.13.12:::::::*
cpe:2.3:a:debian:dpkg:1.13.13:::::::*
cpe:2.3:a:debian:dpkg:1.13.14:::::::*
cpe:2.3:a:debian:dpkg:1.13.15:::::::*
cpe:2.3:a:debian:dpkg:1.13.16:::::::*
cpe:2.3:a:debian:dpkg:1.13.17:::::::*
cpe:2.3:a:debian:dpkg:1.13.18:::::::*
cpe:2.3:a:debian:dpkg:1.13.19:::::::*
cpe:2.3:a:debian:dpkg:1.13.20:::::::*
cpe:2.3:a:debian:dpkg:1.13.21:::::::*
cpe:2.3:a:debian:dpkg:1.13.22:::::::*
cpe:2.3:a:debian:dpkg:1.13.23:::::::*
cpe:2.3:a:debian:dpkg:1.13.24:::::::*
cpe:2.3:a:debian:dpkg:1.13.25:::::::*
cpe:2.3:a:debian:dpkg:1.14.0:::::::*
cpe:2.3:a:debian:dpkg:1.14.1:::::::*
cpe:2.3:a:debian:dpkg:1.14.2:::::::*
cpe:2.3:a:debian:dpkg:1.14.3:::::::*
cpe:2.3:a:debian:dpkg:1.14.4:::::::*
cpe:2.3:a:debian:dpkg:1.14.5:::::::*
cpe:2.3:a:debian:dpkg:1.14.6:::::::*
cpe:2.3:a:debian:dpkg:1.14.7:::::::*
cpe:2.3:a:debian:dpkg:1.14.8:::::::*
cpe:2.3:a:debian:dpkg:1.14.9:::::::*
cpe:2.3:a:debian:dpkg:1.14.10:::::::*
cpe:2.3:a:debian:dpkg:1.14.11:::::::*
cpe:2.3:a:debian:dpkg:1.14.12:::::::*
cpe:2.3:a:debian:dpkg:1.14.13:::::::*
cpe:2.3:a:debian:dpkg:1.14.14:::::::*
cpe:2.3:a:debian:dpkg:1.14.15:::::::*
cpe:2.3:a:debian:dpkg:1.14.16:::::::*
cpe:2.3:a:debian:dpkg:1.14.16.1:::::::*
cpe:2.3:a:debian:dpkg:1.14.16.2:::::::*
cpe:2.3:a:debian:dpkg:1.14.16.3:::::::*
cpe:2.3:a:debian:dpkg:1.14.16.4:::::::*
cpe:2.3:a:debian:dpkg:1.14.16.5:::::::*
cpe:2.3:a:debian:dpkg:1.14.16.6:::::::*
cpe:2.3:a:debian:dpkg:1.14.17:::::::*
cpe:2.3:a:debian:dpkg:1.14.18:::::::*
cpe:2.3:a:debian:dpkg:1.14.19:::::::*
cpe:2.3:a:debian:dpkg:1.14.20:::::::*
cpe:2.3:a:debian:dpkg:1.14.21:::::::*
cpe:2.3:a:debian:dpkg:1.14.22:::::::*
cpe:2.3:a:debian:dpkg:1.14.23:::::::*
cpe:2.3:a:debian:dpkg:1.14.24:::::::*
cpe:2.3:a:debian:dpkg:1.14.25:::::::*
cpe:2.3:a:debian:dpkg:1.15.0:::::::*
cpe:2.3:a:debian:dpkg:1.15.1:::::::*
cpe:2.3:a:debian:dpkg:1.15.2:::::::*
cpe:2.3:a:debian:dpkg:1.15.3:::::::*
cpe:2.3:a:debian:dpkg:1.15.3.1:::::::*
cpe:2.3:a:debian:dpkg:1.15.4:::::::*
cpe:2.3:a:debian:dpkg:1.15.4.1:::::::*
cpe:2.3:a:debian:dpkg:1.15.5:::::::*
cpe:2.3:a:debian:dpkg:1.15.5.1:::::::*
cpe:2.3:a:debian:dpkg:1.15.5.2:::::::*
cpe:2.3:a:debian:dpkg:1.15.5.3:::::::*
cpe:2.3:a:debian:dpkg:1.15.5.4:::::::*
cpe:2.3:a:debian:dpkg:1.15.5.5:::::::*
cpe:2.3:a:debian:dpkg:1.15.5.6:::::::*
cpe:2.3:a:debian:dpkg:1.15.6:::::::*
cpe:2.3:a:debian:dpkg:1.15.6.1:::::::*
cpe:2.3:a:debian:dpkg:1.15.7:::::::*
cpe:2.3:a:debian:dpkg:1.15.7.1:::::::*
cpe:2.3:a:debian:dpkg:1.15.7.2:::::::*
cpe:2.3:a:debian:dpkg:1.15.8:::::::*
cpe:2.3:a:debian:dpkg:1.15.8.1:::::::*
cpe:2.3:a:debian:dpkg:1.15.8.2:::::::*
cpe:2.3:a:debian:dpkg:1.15.8.3:::::::*
cpe:2.3:a:debian:dpkg:1.15.8.4:::::::*
cpe:2.3:a:debian:dpkg:1.15.8.5:::::::*
cpe:2.3:a:debian:dpkg:1.15.8.6:::::::*
cpe:2.3:a:debian:dpkg:1.15.8.7:::::::*
cpe:2.3:a:debian:dpkg:1.15.8.8:::::::*
cpe:2.3:a:debian:dpkg:1.15.8.9:::::::*
cpe:2.3:a:debian:dpkg:1.15.8.10:::::::*
cpe:2.3:a:debian:dpkg:1.16.0:::::::*
cpe:2.3:a:debian:dpkg:1.16.0.1:::::::*
cpe:2.3:a:debian:dpkg:1.16.0.2:::::::*
cpe:2.3:a:debian:dpkg:1.16.0.3:::::::*
cpe:2.3:a:debian:dpkg:1.16.1:::::::*
cpe:2.3:a:debian:dpkg:1.16.1.1:::::::*
cpe:2.3:a:debian:dpkg:1.16.1.2:::::::*
cpe:2.3:a:debian:dpkg:1.16.2:::::::*
cpe:2.3:a:debian:dpkg:1.16.3:::::::*
cpe:2.3:a:debian:dpkg:1.16.4:::::::*
cpe:2.3:a:debian:dpkg:1.16.4.1:::::::*
cpe:2.3:a:debian:dpkg:1.16.4.2:::::::*
cpe:2.3:a:debian:dpkg:1.16.4.3:::::::*
cpe:2.3:a:debian:dpkg:1.16.5:::::::*
cpe:2.3:a:debian:dpkg:1.16.6:::::::*
cpe:2.3:a:debian:dpkg:1.16.7:::::::*
cpe:2.3:a:debian:dpkg:1.16.8:::::::*
cpe:2.3:a:debian:dpkg:1.16.9:::::::*
cpe:2.3:a:debian:dpkg:1.16.10:::::::*
cpe:2.3:a:debian:dpkg:1.17.0:::::::*
cpe:2.3:a:debian:dpkg:1.17.1:::::::*
cpe:2.3:a:debian:dpkg:1.17.2:::::::*
cpe:2.3:a:debian:dpkg:1.17.3:::::::*
cpe:2.3:a:debian:dpkg:1.17.4:::::::*
cpe:2.3:a:debian:dpkg:1.17.5:::::::*
cpe:2.3:a:debian:dpkg:1.17.6:::::::*
cpe:2.3:a:debian:dpkg:1.17.7:::::::*
cpe:2.3:a:debian:dpkg:1.17.8:::::::*
cpe:2.3:a:debian:dpkg:1.17.9:::::::*
cpe:2.3:a:debian:dpkg:1.17.10:::::::*
cpe:2.3:a:debian:dpkg:1.17.11:::::::*
cpe:2.3:a:debian:dpkg:1.17.12:::::::*
cpe:2.3:a:debian:dpkg:1.17.13:::::::*
cpe:2.3:a:debian:dpkg:1.17.14:::::::*
cpe:2.3:a:debian:dpkg:1.17.15:::::::*
cpe:2.3:a:debian:dpkg:1.17.16:::::::*
cpe:2.3:a:debian:dpkg:1.17.17:::::::*
cpe:2.3:a:debian:dpkg:1.17.18:::::::*
cpe:2.3:a:debian:dpkg:1.17.19:::::::*
cpe:2.3:a:debian:dpkg:1.17.20:::::::*
cpe:2.3:a:debian:dpkg:1.17.21:::::::*
cpe:2.3:a:debian:dpkg:1.17.22:::::::*
cpe:2.3:a:debian:dpkg:1.17.23:::::::*
cpe:2.3:a:debian:dpkg:1.18.0:::::::*
cpe:2.3:a:debian:dpkg:1.18.1:::::::*
cpe:2.3:a:debian:dpkg:1.18.2:::::::*
cpe:2.3:a:debian:dpkg:1.18.3:::::::*
cpe:2.3:a:debian:dpkg:1.18.4:::::::*
cpe:2.3:a:debian:dpkg:1.18.5:::::::*
cpe:2.3:a:debian:dpkg:1.18.6:::::::*
cpe:2.3:a:debian:dpkg:1.18.7:::::::*
cpe:2.3:a:debian:dpkg:1.18.8:::::::*
cpe:2.3:a:debian:dpkg:1.18.9:::::::*
cpe:2.3:a:debian:dpkg:1.18.10:::::::*
cpe:2.3:a:debian:dpkg:1.18.11:::::::*
cpe:2.3:a:debian:dpkg:1.18.12:::::::*
cpe:2.3:a:debian:dpkg:1.18.13:::::::*
cpe:2.3:a:debian:dpkg:1.18.14:::::::*
cpe:2.3:a:debian:dpkg:1.18.15:::::::*
cpe:2.3:a:debian:dpkg:1.18.16:::::::*
cpe:2.3:a:debian:dpkg:1.18.17:::::::*
cpe:2.3:a:debian:dpkg:1.18.18:::::::*
cpe:2.3:a:debian:dpkg:1.18.19:::::::*
cpe:2.3:a:debian:dpkg:1.18.20:::::::*
cpe:2.3:a:debian:dpkg:1.18.21:::::::*
cpe:2.3:a:debian:dpkg:1.18.22:::::::*
cpe:2.3:a:debian:dpkg:1.18.23:::::::*

History

21 Nov 2024, 03:33

Type	Values Removed	Values Added
References	~~() http://www.openwall.com/lists/oss-security/2017/04/20/2 - Mailing List, Patch, Third Party Advisory~~	() http://www.openwall.com/lists/oss-security/2017/04/20/2 - Mailing List, Patch, Third Party Advisory
References	~~() http://www.securityfocus.com/bid/98064 - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/98064 - Third Party Advisory, VDB Entry

Information

Published : 2017-04-26 05:59

Updated : 2024-11-21 03:33

NVD link : CVE-2017-8283

Mitre link : CVE-2017-8283

CVE.ORG link : CVE-2017-8283

JSON object : View

Products Affected

debian

dpkg

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

9.8 /10