CVE-2014-0471

CWE-22 — Path Traversal10 documents7 sources

Severity

5.0MEDIUM

EPSS

0.3%

top 47.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Dpkg Canonical Ubuntu Linux

Timeline

PublishedApr 30

Latest updateMay 17

Description

Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to "C-style filename quoting."

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶Debiandpkg< 1.17.8+3

▶NVDdebian/dpkg1.15.8.8+168

Also affects: Ubuntu Linux 10.04, 12.04, 12.10, 13.10, 14.04

🔴Vulnerability Details

GHSA

GHSA-34xq-j8f4-r5cq: Directory traversal vulnerability in the unpacking functionality in dpkg before 1↗2022-05-17

▶

CVEList

CVE-2014-0471: Directory traversal vulnerability in the unpacking functionality in dpkg before 1↗2014-04-30

▶

OSV

CVE-2014-0471: Directory traversal vulnerability in the unpacking functionality in dpkg before 1↗2014-04-30

▶

📋Vendor Advisories

Ubuntu

dpkg vulnerability↗2014-05-01

▶

Ubuntu

dpkg vulnerability↗2014-04-28

▶

Debian

CVE-2014-0471: dpkg - Directory traversal vulnerability in the unpacking functionality in dpkg before ...↗2014

▶

💬Community

Bugzilla

CVE-2014-0471 dpkg: path traversal when unpacking a source package↗2014-04-29

▶

Bugzilla

CVE-2014-0471 dpkg: path traversal when unpacking a source package [fedora-all]↗2014-04-29

▶

Bugzilla

CVE-2014-0471 dpkg: path traversal when unpacking a source package [epel-all]↗2014-04-29

▶