QwikSec

Security Database

CVE

CWE

Training

CVE-2015-0860

Published: Dec 3, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which triggers a stack-based buffer overflow.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798324

x_refsource_CONFIRM

https://anonscm.debian.org/cgit/dpkg/dpkg.git/commit/dpkg-deb/extract.c?id=e65aa3db04eb908c9507d5d356a95cedb890814d

x_refsource_CONFIRM

vendor-advisory

x_refsource_GENTOO

vendor-advisory

x_refsource_DEBIAN

https://blog.fuzzing-project.org/30-Stack-overflows-and-out-of-bounds-read-in-dpkg-Debian.html

x_refsource_MISC

vendor-advisory

x_refsource_UBUNTU

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.