cbcvebase.
CVE-2015-0840
published 2015-04-13

CVE-2015-0840: The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian…

PriorityP427medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
1.84%
76.3th percentile
The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc).

Affected

35 ranges· showing 25
VendorProductVersion rangeFixed in
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
debiandpkg< dpkg 1.17.25 (bookworm)dpkg 1.17.25 (bookworm)
debiandpkg<= 1.16.15
debiandpkg
debiandpkg
debiandpkg
debiandpkg
debiandpkg
debiandpkg
debiandpkg
debiandpkg
debiandpkg
debiandpkg
debiandpkg
debiandpkg
debiandpkg
debiandpkg
debiandpkg
debiandpkg
debiandpkg
debiandpkg
debiandpkg

CVSS provenance

nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
osv4.3MEDIUM
vendor_debian4.3MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.