15 matches found
AZL-79509 CVE-2026-2219 affecting package dpkg 1.20.10-1
It was discovered that dpkg-deb, a component of dpkg, the Debian package management system, does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service through an infinite loop spinning the CPU...
CVE-2026-2219
CVE-2026-2219 affects dpkg-deb in dpkg, where improper validation of the end of the data stream during uncompression of zstd-compressed .deb archives can lead to a denial-of-service (infinite CPU loop). Public records from OSV and OSV-derived advisories confirm patches exist in multiple distribut...
EUVD-2022-24950
Malicious code in bioql PyPI...
[SECURITY] Fedora 42 Update: dpkg-1.22.20-1.fc42
This package provides the low-level infrastructure for handling the installation and removal of Debian software packages. This package contains the tools (including dpkg-source) required to unpack, build and upload Debian source packages. This package also contains the programs dpkg which used to...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : dpkg (SUSE-SU-2022:4081-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:4081-1 advisory. - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc1199944). Tenable h...
SUSE SLES12 Security Update : dpkg (SUSE-SU-2022:2689-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:2689-1 advisory. - CVE-2022-1664: Fixed directory traversal vulnerability in Dpkg::Source::Archive (bsc1199944). Tenable has extracted the preceding descriptio...
Ubuntu 16.04 ESM : dpkg vulnerability (USN-5446-2)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5446-2 advisory. USN-5446-1 fixed a vulnerability in dpkg. This update provides the corresponding update for Ubuntu 16.04 ESM. Tenable has extracted the preceding description bloc...
Directory traversal
Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction ca...
CVE-2022-1664 directory traversal for in-place extracts with untrusted v2 and v3 source packages with debian.tar
Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction ca...
CVE-2022-1664
CVE-2022-1664 affects dpkg: Dpkg::Source::Archive allows directory traversal during in-place extraction of untrusted v2/v3 source packages that include debian.tar. Affected versions are dpkg before 1.21.8, 1.20.10, 1.19.8, and 1.18.26. Mitigation: upgrade to a fixed dpkg version (e.g., 1.21.8 or ...
CVE-2022-1664
Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction ca...
dpkg: Arbitrary code execution
Background: Debian package management system. Description: Gentoo Linux developer Hanno Böck discovered an off-by-one error in the dpkg-deb component of dpkg, the Debian package management system, which triggers a stack-based buffer overflow. Impact: An attacker could potentially execute arbitrary...
USN-2820-1: dpkg vulnerability
Hanno Boeck discovered that the dpkg-deb tool incorrectly handled certain old style Debian binary packages. If a user or an automated system were tricked into unpacking a specially crafted binary package, a remote attacker could possibly use this issue to execute arbitrary code...
DSA-3407-1 dpkg - security update
Bulletin has no description...
DSA-2142-1 dpkg - directory traversal
Bulletin has no description...