GCVE - cpe:2.3:a:debian:dpkg:1.17.22:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:debian:dpkg:1.17.22:*:*:*:*:*:*:*

part: a version: 1.17.22 update: *

Vendor	Debian (`4199fb5b-36f6-5ceb-83d5-855460345e36`)
Product	Dpkg (`70d9845d-a063-5593-86fb-6bada4efd00c`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/dpkg`	purl2cpe	2026-06-01 10:17:13.902080
`pkg:deb/ubuntu/dpkg`	purl2cpe	2026-06-01 10:17:13.902081
`pkg:github/davidben/dpkg`	purl2cpe	2026-06-01 10:17:13.902083
`pkg:github/guillemj/dpkg`	purl2cpe	2026-06-01 10:17:13.902084
`pkg:rpm/fedora/dpkg`	purl2cpe	2026-06-01 10:17:13.902085
`pkg:rpm/opensuse/dpkg`	purl2cpe	2026-06-01 10:17:13.902087

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2017-8283`	vulnerable	2026-06-03 14:37:39.787914	Details available dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD. Published: 2017-04-26T05:28:00.000Z Updated: 2024-08-05T16:34:21.674Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/98064 http://www.openwall.com/lists/oss-security/2017/04/20/2	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-0860`	vulnerable	2026-06-03 14:34:37.707082	Details available Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which triggers a stack-based buffer overflow. Published: 2015-12-03T20:00:00.000Z Updated: 2024-08-06T04:26:11.051Z Open on db.gcve.eu Reference links https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798324 https://anonscm.debian.org/cgit/dpkg/dpkg.git/commit/dpkg-deb/extract.c?id=e65aa3db04eb908c9507d5d356a95cedb890814d https://security.gentoo.org/glsa/201612-07 http://www.debian.org/security/2015/dsa-3407 https://blog.fuzzing-project.org/30-Stack-overflows-and-out-of-bounds-read-in-dpkg-Debian.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-0840`	vulnerable	2026-06-03 14:34:37.619182	Details available The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc). Published: 2015-04-13T14:00:00.000Z Updated: 2024-08-06T04:26:10.605Z Open on db.gcve.eu Reference links http://www.ubuntu.com/usn/USN-2566-1 http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157387.html http://lists.opensuse.org/opensuse-updates/2015-06/msg00029.html http://www.debian.org/security/2015/dsa-3217	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.