2015-12-03 21:59:01 2017-07-01 03:29:13

Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which triggers a stack-based buffer overflow.

Vector: NETWORK
Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Debian Dpkg 1.16.7 (not an official CPE)
Debian Dpkg 1.16.2 (not an official CPE)
Debian Dpkg 1.16.1 (not an official CPE)
Debian Dpkg 1.16.4 (not an official CPE)
Debian Dpkg 1.16.6 (not an official CPE)
Debian Dpkg 1.16.3 (not an official CPE)
Debian Dpkg 1.16.5 (not an official CPE)
Debian Dpkg 1.16.8 (not an official CPE)
Debian Dpkg 1.16.9 (not an official CPE)
Debian Dpkg 1.16.4.1 (not an official CPE)
Debian Dpkg 1.16.0.1 (not an official CPE)
Debian Dpkg 1.16.0.3 (not an official CPE)
Debian Dpkg 1.16.0.2 (not an official CPE)
Debian Dpkg 1.16.4.3 (not an official CPE)
Debian Dpkg 1.16.4.2 (not an official CPE)
Debian dpkg 1.17.19
Debian dpkg 1.17.17
Debian dpkg 1.17.18
Debian dpkg 1.17.16
Debian Dpkg 1.17.6 (not an official CPE)
Debian dpkg 1.17.11
Debian Dpkg 1.17.1 (not an official CPE)
Debian Dpkg 1.17.0 (not an official CPE)
Debian Dpkg 1.17.3 (not an official CPE)
Debian dpkg 1.17.10
Debian dpkg 1.17.15
Debian Dpkg 1.17.5 (not an official CPE)
Debian Dpkg 1.17.4 (not an official CPE)
Debian Dpkg 1.17.2 (not an official CPE)
Debian dpkg 1.17.13
Debian Dpkg 1.17.7 (not an official CPE)
Debian dpkg 1.17.14
Debian Dpkg 1.17.9 (not an official CPE)
Debian dpkg 1.17.12
Debian Dpkg 1.17.8 (not an official CPE)
Debian dpkg 1.16.15
Debian dpkg 1.17.22
Debian Dpkg 1.16.10 (not an official CPE)
Debian dpkg 1.17.20
Debian dpkg 1.17.21
Debian Dpkg 1.16.1.2 (not an official CPE)
Debian Dpkg 1.16.1.1 (not an official CPE)
Debian dpkg 1.17.24
Debian Dpkg 1.16.12 (not an official CPE)
Debian Dpkg 1.17.25 (not an official CPE)
Debian dpkg 1.17.23
Debian Dpkg 1.16.11 (not an official CPE)
Debian Dpkg 1.16.0 (not an official CPE)