CVE-2014-3227

CWE-22Path Traversal5 documents5 sources
Severity
6.4MEDIUM
EPSS
0.6%
top 30.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Debian Dpkg
Timeline
PublishedMay 30
Latest updateMay 17

Description

dpkg 1.15.9, 1.16.x before 1.16.14, and 1.17.x before 1.17.9 expect the patch program to be compliant with a need for the "C-style encoded filenames" feature, but is supported in environments with noncompliant patch programs, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this vulnerability exists because of reliance on unrealistic constraints on the b

CVSS vector

AV:N/AC:L/C:N/I:P/A:PExploitability: 10.0 | Impact: 4.9

Affected Packages2 packages

Debiandpkg< 1.17.9+3
NVDdebian/dpkg31 versions+30

🔴Vulnerability Details

3
GHSA
GHSA-xjq6-63hc-vrrj: dpkg 12022-05-17
CVEList
CVE-2014-3227: dpkg 12014-05-30
OSV
CVE-2014-3227: dpkg 12014-05-30

📋Vendor Advisories

1
Debian
CVE-2014-3227: dpkg - dpkg 1.15.9, 1.16.x before 1.16.14, and 1.17.x before 1.17.9 expect the patch pr...2014
CVE-2014-3227 (MEDIUM CVSS 6.4) | dpkg 1.15.9 | cvebase.io