CPANSA-Dpkg-2014-8625: Dpkg vulnerability
| Publisher | giterlizzi | Document category | csaf_security_advisory |
|---|---|---|---|
| Initial release date | 2015-01-20T00:00:00 | Engine | CSAF Perl Toolkit 0.25 |
| Current release date | 2015-01-20T00:00:00 | Build Date | |
| Current version | 1 | Status | final |
| CVSS v3.1 Base Score | Severity | ||
| Original language | Language | en | |
| Also referred to | |||
Vulnerability Description
Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name.
Vulnerabilities
CVE-2014-8625
Vulnerability DescriptionMultiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name.
| Weakness | CWE-134 : Use of Externally-Controlled Format String |
|---|
Product status
Known affected
| Product | Score | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Dpkg less than 1.17.22 |
|
Fixed
- Dpkg greater than or equal 1.17.22
giterlizzi
Namespace: https://github.com/giterlizzi/
gdt@cpan.org
References
- CPANSA-Dpkg-2014-8625 JSON self
https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/2015/cpansa-dpkg-2014-8625.json - http://seclists.org/oss-sec/2014/q4/539 external
http://seclists.org/oss-sec/2014/q4/539 - https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/1389135 external
https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/1389135 - http://seclists.org/oss-sec/2014/q4/622 external
http://seclists.org/oss-sec/2014/q4/622 - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768485 external
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768485 - http://seclists.org/oss-sec/2014/q4/551 external
http://seclists.org/oss-sec/2014/q4/551 - http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157387.html external
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157387.html - https://exchange.xforce.ibmcloud.com/vulnerabilities/98551 external
https://exchange.xforce.ibmcloud.com/vulnerabilities/98551 - CVE-2014-8625 (NVD) external
https://nvd.nist.gov/vuln/detail/CVE-2014-8625
Revision history
| Version | Date of the revision | Summary of the revision |
|---|---|---|
| 1 | Tue Jan 20 00:00:00 2015 | First release |
Sharing rules
TLP:WHITE
For the TLP version see: https://www.first.org/tlp/