CVE-2022-1664

Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:debian:dpkg:*:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:*:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:*:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*

Information

Published : 2022-05-26 07:15

Updated : 2022-12-02 18:19


NVD link : CVE-2022-1664

Mitre link : CVE-2022-1664


JSON object : View

CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Advertisement

dedicated server usa

Products Affected

debian

  • debian_linux
  • dpkg

netapp

  • ontap_select_deploy_administration_utility