4 matches found
USN-8109-1 debian-goodies vulnerability
Jakub Wilk discovered that debmany in Debian Goodies incorrectly handled certain deb files. An attacker could possibly use this issue to execute arbitrary shell commands...
CVE-2023-27635
debmany in debian-goodies 0.88.1 allows attackers to execute arbitrary shell commands because of an eval call via a crafted .deb file. The path is shown to the user before execution...
PT-2023-1670
Name of the Vulnerable Software and Affected Versions debian-goodies version 0.88.1 Description The issue is related to the debmany function in the debian-goodies package, which allows attackers to execute arbitrary shell commands due to an eval call. This can be achieved via a crafted .deb file...
Input validation
Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files...