Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2014-3127

Good to know:

icon

Date: May 13, 2014

dpkg 1.15.9 on Debian squeeze introduces support for the "C-style encoded filenames" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this can be considered a release engineering problem in the effort to fix CVE-2014-0471.

Language: C

Severity Score

Related Resources (9)

http://seclists.org/oss-sec/2014/q2/227
https://nvd.nist.gov/vuln/detail/CVE-2014-3127
http://seclists.org/oss-sec/2014/q2/191
http://www.securityfocus.com/bid/67181
https://security-tracker.debian.org/tracker/CVE-2014-3127
http://metadata.ftp-master.debian.org/changelogs//main/d/dpkg/dpkg_1.15.10_changelog
https://people.canonical.com/~ubuntu-security/cve/CVE-2014-3127
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306
https://www.mend.io/vulnerability-database/CVE-2014-3127

Severity Score

Weakness Type (CWE)

Path Traversal

CWE-22

Top Fix

icon

Upgrade Version

Upgrade to version 1.17.9, 1.16.14, 1.15.10

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): HIGH
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): HIGH
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): COMPLETE
Availability (A): COMPLETE
Additional information:

Do you need more information?

Contact Us