CVE-2012-0212

devscripts 2.10.x-2.10.68 and 2.11.x-2.11.3 - Remote Code Execution via debdiff.pl File Name Argument

Title source: llm
STIX 2.1

Description

debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via shell metacharacters in the file name argument.

References (9)

Core 9
Core References
Various Sources vendor-advisory x_refsource_ubuntu
http://ubuntu.com/usn/usn-1366-1
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/47955
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/48039
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/52029
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/79322
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1593-1
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/73217
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2012/dsa-2409

Scores

EPSS 0.0582
EPSS Percentile 92.3%

Details

CWE
CWE-20
Status published
Products (50)
devscripts_devel_team/devscripts 2.10.0
devscripts_devel_team/devscripts 2.10.1
devscripts_devel_team/devscripts 2.10.3
devscripts_devel_team/devscripts 2.10.6
devscripts_devel_team/devscripts 2.10.7
devscripts_devel_team/devscripts 2.10.8
devscripts_devel_team/devscripts 2.10.9
devscripts_devel_team/devscripts 2.10.10
devscripts_devel_team/devscripts 2.10.11
devscripts_devel_team/devscripts 2.10.12
... and 40 more
Published Jun 16, 2012
Tracked Since Feb 18, 2026