Dpkg

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:debian:dpkg:1.9.12:*:*:*:*:*:*:*

part: a version: 1.9.12 update: *

VendorDebian (4199fb5b-36f6-5ceb-83d5-855460345e36)
ProductDpkg (70d9845d-a063-5593-86fb-6bada4efd00c)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from purl2cpe mapping

PURL mappings

PURLSourceLast updated
pkg:deb/debian/dpkg purl2cpe 2026-06-01 10:17:14.105457
pkg:deb/ubuntu/dpkg purl2cpe 2026-06-01 10:17:14.105458
pkg:github/davidben/dpkg purl2cpe 2026-06-01 10:17:14.105460
pkg:github/guillemj/dpkg purl2cpe 2026-06-01 10:17:14.105461
pkg:rpm/fedora/dpkg purl2cpe 2026-06-01 10:17:14.105463
pkg:rpm/opensuse/dpkg purl2cpe 2026-06-01 10:17:14.105464

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2017-8283 vulnerable 2026-06-03 14:37:39.701125 Details available
dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD.
Published: 2017-04-26T05:28:00.000Z
Updated: 2024-08-05T16:34:21.674Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-0471 vulnerable 2026-06-03 14:33:38.242653 Details available
Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to "C-style filename quoting."
Published: 2014-04-30T14:00:00.000Z
Updated: 2024-08-06T09:20:17.946Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.