CVE-2014-3865

dpkg-dev 1.3.0 - Path Traversal via Crafted Index Pseudo-Header

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-3865. PoCs published by Raphael Geissert.

AI-analyzed exploit summary The provided content describes a directory-traversal vulnerability in dpkg (CVE-2014-3865) but lacks executable exploit code. It references a patch file without functional PoC details.

Description

Multiple directory traversal vulnerabilities in dpkg-source in dpkg-dev 1.3.0 allow remote attackers to modify files outside of the intended directories via a source package with a crafted Index: pseudo-header in conjunction with (1) missing --- and +++ header lines or (2) a +++ header line with a blank pathname.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Raphael Geissert · textlocallinux
https://www.exploit-db.com/exploits/39207

The provided content describes a directory-traversal vulnerability in dpkg (CVE-2014-3865) but lacks executable exploit code. It references a patch file without functional PoC details.

Classification
Writeup 80%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: dpkg 1.3.0
No auth needed
Prerequisites: Local access to the target system
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2242-1
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2014/dsa-2953
Mailing List mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2014/05/25/2
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/67727

Scores

EPSS 0.0732
EPSS Percentile 93.6%

Details

CWE
CWE-22
Status published
Products (1)
debian/dpkg-dev 1.3.0
Published May 30, 2014
Tracked Since Feb 18, 2026