CVE-2025-6297
published 2025-07-01CVE-2025-6297: It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is…
PriorityP346high8.2CVSS 3.1
AVNACLPRNUINSUCHILAN
EPSS
0.35%
26.5th percentile
It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is
documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on
adversarial .deb packages or with well compressible files, placed
inside a directory with permissions not allowing removal by a non-root
user, this can end up in a DoS scenario due to causing disk quota
exhaustion or disk full conditions.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | dpkg | < ed6bbd445dd8800308c67236ba35d08004c98e82 | ed6bbd445dd8800308c67236ba35d08004c98e82 |
| debian | dpkg | < 1.22.21 | 1.22.21 |
| debian | dpkg | < dpkg 1.22.21 (forky) | dpkg 1.22.21 (forky) |
| debian | dpkg | >= 0 < 1.22.21 | 1.22.21 |
| debian | dpkg | >= 0 < 1.22.21 | 1.22.21 |
CVSS provenance
nvdv3.18.2HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
osv8.2HIGH
vendor_debian8.2HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-w56q-6jw5-h5xf: It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is
ghsa_unreviewed·2025-07-01
CVE-2025-6297 [HIGH] CWE-400 GHSA-w56q-6jw5-h5xf: It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is
It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is
documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on
adversarial .deb packages or with well compressible files, placed
inside a directory with permissions not allowing removal by a non-root
user, this can end up in a DoS scenario due to causing disk quota
exhaustion or disk full conditions.
OSV
CVE-2025-6297: It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is
osv·2025-07-01·CVSS 8.2
CVE-2025-6297 [HIGH] CVE-2025-6297: It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is
It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions.
Ubuntu
dpkg vulnerability
vendor_ubuntu·2025-09-24
CVE-2025-6297 dpkg vulnerability
Title: dpkg vulnerability
Summary: dpkg could be made to consume disk space if it opened a specially crafted
file.
It was discovered that dpkg incorrectly handled removing certain temporary
directories. An attacker could possibly use this issue to consume disk
space, leading to a denial of service.
Instructions: In general, a standard system update will make all the necessary changes.
Debian
CVE-2025-6297: dpkg - It was discovered that dpkg-deb does not properly sanitize directory permissions...
vendor_debian·2025·CVSS 8.2
CVE-2025-6297 [HIGH] CVE-2025-6297: dpkg - It was discovered that dpkg-deb does not properly sanitize directory permissions...
It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions.
Scope: local
bookworm: open
bullseye: open
forky: resolved (fixed in 1.22.21)
sid: resolved (fixed in 1.22.21)
trixie: resolved (fixed in 1.22.21)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-07-01
Published