CVE-2026-2219

Published: Mar 7, 2026

Modified: Mar 9, 2026

PUBLISHED

Description

It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (infinite loop spinning the CPU).

Vendor	Product	Versions
Debian	dpkg	affected `1.21.18 - < 1.23.6`

References

https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=6610297a62c0780dd0e80b0e302ef64fdcc9d313

patch

https://bugs.debian.org/1129722

issue-tracking

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-2219

Description

Affected Products

References