CVE-2017-8283 in dpkginfo

Summary

dpkg-source in dpkg through 1.8.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Reservation

04/25/2017

Disclosure

04/26/2017

Moderation

VulDB entry created

Entries

1: VDB-100616

CPE

ready

CWE

CWE-22 (Confirmed)

CVSS

8.0

EPSS

0.01070

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2017-8283
NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-8283
CVE Details	https://www.cvedetails.com/cve/CVE-2017-8283/

◂ Previous Overview Next ▸

Might our Artificial Intelligence support you?

Check our Alexa App!