Directory Traversal Affecting dpkg package, versions <1.15.6
Threat Intelligence
EPSS
0.31% (71st
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-DEBIAN12-DPKG-1544634
- published 15 Mar 2010
- disclosed 15 Mar 2010
Introduced: 15 Mar 2010
CVE-2010-0396 Open this link in a new tabHow to fix?
Upgrade Debian:12 dpkg to version 1.15.6 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream dpkg package and not the dpkg package as distributed by Debian.
See How to fix? for Debian:12 relevant fixed versions and status.
Directory traversal vulnerability in the dpkg-source component in dpkg before 1.14.29 allows remote attackers to modify arbitrary files via a crafted Debian source archive.
References
- https://security-tracker.debian.org/tracker/CVE-2010-0396
- http://www.debian.org/security/2010/dsa-2011
- http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29.tar.gz
- http://www.vupen.com/english/advisories/2010/0582
- http://xforce.iss.net/xforce/xfdb/56887
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56887
CVSS Scores
version 3.1