CVE-2010-0396
dpkg < 1.14.29 - Path Traversal via Crafted Debian Source Archive
Title source: llmDescription
Directory traversal vulnerability in the dpkg-source component in dpkg before 1.14.29 allows remote attackers to modify arbitrary files via a crafted Debian source archive.
References (4)
Core 4
Core References
Patch vendor-advisory
x_refsource_debian
http://www.debian.org/security/2010/dsa-2011
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/56887
Patch x_refsource_confirm
http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29.tar.gz
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0582
Scores
EPSS
0.0201
EPSS Percentile
78.5%
Details
CWE
CWE-22
Status
published
Products (50)
debian/dpkg
1.9.19
debian/dpkg
1.9.20
debian/dpkg
1.9.21
debian/dpkg
1.10
debian/dpkg
1.10.1
debian/dpkg
1.10.2
debian/dpkg
1.10.3
debian/dpkg
1.10.4
debian/dpkg
1.10.5
debian/dpkg
1.10.6
... and 40 more
Published
Mar 15, 2010
Tracked Since
Feb 18, 2026