CVE-2015-0860

CWE-1899 documents7 sources
Severity
7.5HIGH
EPSS
4.9%
top 10.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Canonical Ubuntu LinuxDebian Dpkg
Timeline
PublishedDec 3
Latest updateMay 17

Description

Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which triggers a stack-based buffer overflow.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

NVDdebian/dpkg48 versions+47
Debiandpkg< 1.18.4+3

Also affects: Ubuntu Linux 12.04, 14.04, 15.04, 15.10

🔴Vulnerability Details

3
GHSA
GHSA-phx5-8jhp-4rwc: Off-by-one error in the extracthalf function in dpkg-deb/extract2022-05-17
OSV
CVE-2015-0860: Off-by-one error in the extracthalf function in dpkg-deb/extract2015-12-03
CVEList
CVE-2015-0860: Off-by-one error in the extracthalf function in dpkg-deb/extract2015-12-03

📋Vendor Advisories

2
Ubuntu
dpkg vulnerability2015-11-26
Debian
CVE-2015-0860: dpkg - Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-d...2015

💬Community

3
Bugzilla
CVE-2015-0860 dpkg: stack overflows and out of bounds read [fedora-all]2015-11-27
Bugzilla
CVE-2015-0860 dpkg: stack overflows and out of bounds read [epel-all]2015-11-27
Bugzilla
CVE-2015-0860 dpkg: stack overflows and out of bounds read2015-11-27
CVE-2015-0860 (HIGH CVSS 7.5) | Off-by-one error in the extracthalf | cvebase.io