cbcvebase.
CVE-2014-3865
published 2014-05-30

Priority: P3 42
CVSS 2.0: 6.4 (medium)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P
EXPLOIT
EPSS: 7.32% (93.6th percentile)

Multiple directory traversal vulnerabilities in dpkg-source in dpkg-dev 1.3.0 allow remote attackers to modify files outside of the intended directories via a source package with a crafted Index: pseudo-header in conjunction with (1) missing --- and +++ header lines or (2) a +++ header line with a blank pathname.

Affected

6 ranges

Vendor | Product | Version range | Fixed in
debian | dpkg | < dpkg 1.17.10 (bookworm) | dpkg 1.17.10 (bookworm)
debian | dpkg | >= 0 < 1.17.10 | 1.17.10
debian | dpkg | >= 0 < 1.17.10 | 1.17.10
debian | dpkg | >= 0 < 1.17.10 | 1.17.10
debian | dpkg | >= 0 < 1.17.10 | 1.17.10
debian | dpkg-dev | |

CVSS provenance

nvd | v2.0 | 6.4 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:P
osv | 6.4 | MEDIUM
vendor_debian | 6.4 | MEDIUM