Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to “C-style filename quoting.”
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | dpkg | < 1.17.8 | dpkg_1.17.8_all.deb |
Debian | 11 | all | dpkg | < 1.17.8 | dpkg_1.17.8_all.deb |
Debian | 10 | all | dpkg | < 1.17.8 | dpkg_1.17.8_all.deb |
Debian | 999 | all | dpkg | < 1.17.8 | dpkg_1.17.8_all.deb |
Debian | 13 | all | dpkg | < 1.17.8 | dpkg_1.17.8_all.deb |