CVE-2010-0396
Severity CVSS v4.0:
Pending analysis
Type:
CWE-22
Path Traversal
Publication date:
15/03/2010
Last modified:
11/04/2025
Description
Directory traversal vulnerability in the dpkg-source component in dpkg before 1.14.29 allows remote attackers to modify arbitrary files via a crafted Debian source archive.
Impact
Base Score 2.0
5.80
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:debian:dpkg:*:*:*:*:*:*:*:* | 1.14.28 (including) | |
| cpe:2.3:a:debian:dpkg:1.9.19:*:*:*:*:*:*:* | ||
| cpe:2.3:a:debian:dpkg:1.9.20:*:*:*:*:*:*:* | ||
| cpe:2.3:a:debian:dpkg:1.9.21:*:*:*:*:*:*:* | ||
| cpe:2.3:a:debian:dpkg:1.10:*:*:*:*:*:*:* | ||
| cpe:2.3:a:debian:dpkg:1.10.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:debian:dpkg:1.10.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:debian:dpkg:1.10.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:debian:dpkg:1.10.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:debian:dpkg:1.10.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:debian:dpkg:1.10.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:debian:dpkg:1.10.7:*:*:*:*:*:*:* | ||
| cpe:2.3:a:debian:dpkg:1.10.8:*:*:*:*:*:*:* | ||
| cpe:2.3:a:debian:dpkg:1.10.9:*:*:*:*:*:*:* | ||
| cpe:2.3:a:debian:dpkg:1.10.10:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29.tar.gz
- http://www.debian.org/security/2010/dsa-2011
- http://www.vupen.com/english/advisories/2010/0582
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56887
- http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29.tar.gz
- http://www.debian.org/security/2010/dsa-2011
- http://www.vupen.com/english/advisories/2010/0582
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56887