CVE-2014-8625
published 2015-01-20

Priority P433 | medium | 6.8 | CVSS 2.0
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 3.30% (87.0th percentile)
Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name.

Affected

6 ranges
Vendor | Product | Version range | Fixed in
debian | dpkg | < dpkg 1.17.22 (bookworm) | dpkg 1.17.22 (bookworm)
debian | dpkg | <= 1.17.21 |
debian | dpkg | >= 0 < 1.17.22 | 1.17.22
debian | dpkg | >= 0 < 1.17.22 | 1.17.22
debian | dpkg | >= 0 < 1.17.22 | 1.17.22
debian | dpkg | >= 0 < 1.17.22 | 1.17.22

CVSS provenance

nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P
osv | 6.8 | MEDIUM
vendor_debian | 6.8 | LOW