CVE-2014-0471

2014-04-3014:22:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2014-0471

directory traversal

dpkg

security vulnerability

file writing vulnerability

6.3 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.006 Low

EPSS

Percentile

78.8%

JSON

Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to “C-style filename quoting.”

CPENameOperatorVersion
debian:dpkgdebian dpkgeq1.10.5
debian:dpkgdebian dpkgeq1.15.5.5
debian:dpkgdebian dpkgeq1.13.20
debian:dpkgdebian dpkgeq1.10.6
debian:dpkgdebian dpkgeq1.15.8.4
debian:dpkgdebian dpkgeq1.14.4
debian:dpkgdebian dpkgeq1.9.10
debian:dpkgdebian dpkgeq1.14.12
debian:dpkgdebian dpkgeq1.15.5.2
debian:dpkgdebian dpkgeq1.9.20

CPE	Name	Operator	Version
debian:dpkg	debian dpkg	eq	1.10.5
debian:dpkg	debian dpkg	eq	1.15.5.5
debian:dpkg	debian dpkg	eq	1.13.20
debian:dpkg	debian dpkg	eq	1.10.6
debian:dpkg	debian dpkg	eq	1.15.8.4
debian:dpkg	debian dpkg	eq	1.14.4
debian:dpkg	debian dpkg	eq	1.9.10
debian:dpkg	debian dpkg	eq	1.14.12
debian:dpkg	debian dpkg	eq	1.15.5.2
debian:dpkg	debian dpkg	eq	1.9.20