CVE-2010-0396

dpkg < 1.14.29 - Path Traversal via Crafted Debian Source Archive

Title source: llm
STIX 2.1

Description

Directory traversal vulnerability in the dpkg-source component in dpkg before 1.14.29 allows remote attackers to modify arbitrary files via a crafted Debian source archive.

References (4)

Core 4
Core References
Patch vendor-advisory x_refsource_debian
http://www.debian.org/security/2010/dsa-2011
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/56887
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0582

Scores

EPSS 0.0201
EPSS Percentile 78.5%

Details

CWE
CWE-22
Status published
Products (50)
debian/dpkg 1.9.19
debian/dpkg 1.9.20
debian/dpkg 1.9.21
debian/dpkg 1.10
debian/dpkg 1.10.1
debian/dpkg 1.10.2
debian/dpkg 1.10.3
debian/dpkg 1.10.4
debian/dpkg 1.10.5
debian/dpkg 1.10.6
... and 40 more
Published Mar 15, 2010
Tracked Since Feb 18, 2026