Description
reportbug before 6.4.4+deb7u1 and 6.5.x before 6.5.0+nmu1 allows remote attackers to execute arbitrary commands via vectors related to compare_versions and reportbug/checkversions.py.
References (6)
Core References
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/59896
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2014/dsa-2997
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/95149
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/69055
Issue Tracking x_refsource_confirm
https://bugs.launchpad.net/ubuntu/+source/reportbug/+bug/1353046
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/109858
Scores
EPSS
0.0273
EPSS Percentile
84.3%
Details
CWE
CWE-94
Status
published
Products (2)
canonical/reportbug
< 6.5.0
debian/reportbug
< 6.4.4
Published
Aug 06, 2014
Tracked Since
Feb 18, 2026