CVE-2014-0471

dpkg <1.15.9-1.17.8 - Path Traversal

Title source: llm
STIX 2.1

Description

Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to "C-style filename quoting."

References (3)

Core 3
Core References
Vendor Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2014/dsa-2915
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/67106
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2183-1

Scores

EPSS 0.0286
EPSS Percentile 85.0%

Details

CWE
CWE-22
Status published
Products (50)
canonical/ubuntu_linux 10.04
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 12.10
canonical/ubuntu_linux 13.10
canonical/ubuntu_linux 14.04
debian/dpkg 1.9.1
debian/dpkg 1.9.2
debian/dpkg 1.9.3
debian/dpkg 1.9.7
debian/dpkg 1.9.8
... and 40 more
Published Apr 30, 2014
Tracked Since Feb 18, 2026