CVE-2017-8283
published 2017-04-26

Priority P347 | critical | 9.8 (CVSS 3.0)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 4.57% (90.4th percentile)

dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD.

Affected

305 ranges · showing 25

Vendor | Product | Version range | Fixed in
debian | dpkg | < dpkg 1.18.24 (bookworm) | dpkg 1.18.24 (bookworm)

CVSS provenance

nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P
osv | 9.8 | CRITICAL
vendor_debian | 9.8 | LOW