[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247768

 
 

909

 
 

194555

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2015-0860Date: (C)2015-12-15   (M)2023-12-22


Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which triggers a stack-based buffer overflow.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
DSA-3407
GLSA-201612-07
USN-2820-1
https://anonscm.debian.org/cgit/dpkg/dpkg.git/commit/dpkg-deb/extract.c?id=e65aa3db04eb908c9507d5d356a95cedb890814d
https://blog.fuzzing-project.org/30-Stack-overflows-and-out-of-bounds-read-in-dpkg-Debian.html
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798324

CPE    52
cpe:/a:debian:dpkg:1.16.10
cpe:/a:debian:dpkg:1.17.22
cpe:/a:debian:dpkg:1.16.11
cpe:/a:debian:dpkg:1.17.23
...
CWE    1
CWE-189
OVAL    6
oval:org.secpod.oval:def:702857
oval:org.secpod.oval:def:111658
oval:org.secpod.oval:def:111680
oval:org.secpod.oval:def:111690
...

© SecPod Technologies