CVE-2022-1664

Updated: 2023-11-04 21:06:38.751304

Description:

Dpkg::Source::Archive in dpkg, the Debian package management system, before versions 1.21.8, 1.20.10, 1.19.8 and 1.18.26, is prone to a directory traversal vulnerability. When extracting untrusted source packages in the v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal with specially crafted orig.tar and debian.tar tarballs.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | HIGH | 7.5 |
| CVSS Version 3.x | CRITICAL | 9.8 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
|---|---|---|---|---|---|---|---|
| Ubuntu 16.04 ELS | dpkg | 1.18.4 | 9.8 | CRITICAL | Released | CLSA-2022:1654717100 | 2022-06-08 17:40:00 |
| Ubuntu 18.04 ELS | dpkg | 1.19.0.5 | 9.8 | CRITICAL | Already Fixed | | 2023-04-28 08:48:29 |