cpe:/a:debian:dpkg:1.16.0 cpe:/a:debian:dpkg:1.16.0.1 cpe:/a:debian:dpkg:1.16.0.2 cpe:/a:debian:dpkg:1.16.0.3 cpe:/a:debian:dpkg:1.16.1 cpe:/a:debian:dpkg:1.16.1.1 cpe:/a:debian:dpkg:1.16.1.2 cpe:/a:debian:dpkg:1.16.2 cpe:/a:debian:dpkg:1.16.3 cpe:/a:debian:dpkg:1.16.4 cpe:/a:debian:dpkg:1.16.4.1 cpe:/a:debian:dpkg:1.16.4.2 cpe:/a:debian:dpkg:1.16.4.3 cpe:/a:debian:dpkg:1.16.5 cpe:/a:debian:dpkg:1.16.6 cpe:/a:debian:dpkg:1.16.7 cpe:/a:debian:dpkg:1.16.8 cpe:/a:debian:dpkg:1.16.9 cpe:/a:debian:dpkg:1.16.10 cpe:/a:debian:dpkg:1.16.11 cpe:/a:debian:dpkg:1.16.12 cpe:/a:debian:dpkg:1.16.15 cpe:/a:debian:dpkg:1.17.0 cpe:/a:debian:dpkg:1.17.1 cpe:/a:debian:dpkg:1.17.2 cpe:/a:debian:dpkg:1.17.3 cpe:/a:debian:dpkg:1.17.4 cpe:/a:debian:dpkg:1.17.5 cpe:/a:debian:dpkg:1.17.6 cpe:/a:debian:dpkg:1.17.7 cpe:/a:debian:dpkg:1.17.8 cpe:/a:debian:dpkg:1.17.9 cpe:/a:debian:dpkg:1.17.10 cpe:/a:debian:dpkg:1.17.11 cpe:/a:debian:dpkg:1.17.12 cpe:/a:debian:dpkg:1.17.13 cpe:/a:debian:dpkg:1.17.14 cpe:/a:debian:dpkg:1.17.15 cpe:/a:debian:dpkg:1.17.16 cpe:/a:debian:dpkg:1.17.17 cpe:/a:debian:dpkg:1.17.18 cpe:/a:debian:dpkg:1.17.19 cpe:/a:debian:dpkg:1.17.20 cpe:/a:debian:dpkg:1.17.21 cpe:/a:debian:dpkg:1.17.22 cpe:/a:debian:dpkg:1.17.23 cpe:/a:debian:dpkg:1.17.24 cpe:/a:debian:dpkg:1.17.25 cpe:/o:canonical:ubuntu_linux:12.04::~~lts~~~ cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~ cpe:/o:canonical:ubuntu_linux:15.04 cpe:/o:canonical:ubuntu_linux:15.10 CVE-2015-0860 2015-12-03T15:59:01.847-05:00 2017-06-30T21:29:13.157-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2015-12-04T10:19:52.117-05:00 DEBIAN DSA-3407 GENTOO GLSA-201612-07 UBUNTU USN-2820-1 CONFIRM https://anonscm.debian.org/cgit/dpkg/dpkg.git/commit/dpkg-deb/extract.c?id=e65aa3db04eb908c9507d5d356a95cedb890814d MISC https://blog.fuzzing-project.org/30-Stack-overflows-and-out-of-bounds-read-in-dpkg-Debian.html CONFIRM https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798324 Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which triggers a stack-based buffer overflow.