CVE-2012-0211

EUVD-2012-0249
debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via a crafted tarball file name in the top-level directory of an original (.orig) source tarball of a source package.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
Affected Products (NVD)
VendorProductVersion
devscripts_devel_teamdevscripts
2.10.0
devscripts_devel_teamdevscripts
2.10.1
devscripts_devel_teamdevscripts
2.10.3
devscripts_devel_teamdevscripts
2.10.6
devscripts_devel_teamdevscripts
2.10.7
devscripts_devel_teamdevscripts
2.10.8
devscripts_devel_teamdevscripts
2.10.9
devscripts_devel_teamdevscripts
2.10.10
devscripts_devel_teamdevscripts
2.10.11
devscripts_devel_teamdevscripts
2.10.12
devscripts_devel_teamdevscripts
2.10.13
devscripts_devel_teamdevscripts
2.10.14
devscripts_devel_teamdevscripts
2.10.15
devscripts_devel_teamdevscripts
2.10.16
devscripts_devel_teamdevscripts
2.10.17
devscripts_devel_teamdevscripts
2.10.18
devscripts_devel_teamdevscripts
2.10.18.1
devscripts_devel_teamdevscripts
2.10.19
devscripts_devel_teamdevscripts
2.10.20
devscripts_devel_teamdevscripts
2.10.21
devscripts_devel_teamdevscripts
2.10.22
devscripts_devel_teamdevscripts
2.10.23
devscripts_devel_teamdevscripts
2.10.24
devscripts_devel_teamdevscripts
2.10.25
devscripts_devel_teamdevscripts
2.10.26
devscripts_devel_teamdevscripts
2.10.27
devscripts_devel_teamdevscripts
2.10.28
devscripts_devel_teamdevscripts
2.10.29
devscripts_devel_teamdevscripts
2.10.30
devscripts_devel_teamdevscripts
2.10.31
devscripts_devel_teamdevscripts
2.10.32
devscripts_devel_teamdevscripts
2.10.33
devscripts_devel_teamdevscripts
2.10.34
devscripts_devel_teamdevscripts
2.10.35
devscripts_devel_teamdevscripts
2.10.36
devscripts_devel_teamdevscripts
2.10.38
devscripts_devel_teamdevscripts
2.10.39
devscripts_devel_teamdevscripts
2.10.40
devscripts_devel_teamdevscripts
2.10.41
devscripts_devel_teamdevscripts
2.10.42
devscripts_devel_teamdevscripts
2.10.43
devscripts_devel_teamdevscripts
2.10.44
devscripts_devel_teamdevscripts
2.10.45
devscripts_devel_teamdevscripts
2.10.46
devscripts_devel_teamdevscripts
2.10.47
devscripts_devel_teamdevscripts
2.10.48
devscripts_devel_teamdevscripts
2.10.49
devscripts_devel_teamdevscripts
2.10.50
devscripts_devel_teamdevscripts
2.10.51
devscripts_devel_teamdevscripts
2.10.52
devscripts_devel_teamdevscripts
2.10.53
devscripts_devel_teamdevscripts
2.10.54
devscripts_devel_teamdevscripts
2.10.55
devscripts_devel_teamdevscripts
2.10.56
devscripts_devel_teamdevscripts
2.10.57
devscripts_devel_teamdevscripts
2.10.58
devscripts_devel_teamdevscripts
2.10.59
devscripts_devel_teamdevscripts
2.10.60
devscripts_devel_teamdevscripts
2.10.61
devscripts_devel_teamdevscripts
2.10.62
devscripts_devel_teamdevscripts
2.10.63
devscripts_devel_teamdevscripts
2.10.64
devscripts_devel_teamdevscripts
2.10.65.1
devscripts_devel_teamdevscripts
2.10.66
devscripts_devel_teamdevscripts
2.10.67
devscripts_devel_teamdevscripts
2.10.68
devscripts_devel_teamdevscripts
2.11.0
devscripts_devel_teamdevscripts
2.11.1
devscripts_devel_teamdevscripts
2.11.2
devscripts_devel_teamdevscripts
2.11.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
devscripts
bookworm
2.23.4+deb12u1
fixed
bullseye
2.21.3+deb11u1
fixed
sid
2.24.2
fixed
trixie
2.24.2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
devscripts
hardy
Fixed 2.10.11ubuntu5.8.04.5
released
lucid
Fixed 2.10.61ubuntu5.1
released
maverick
Fixed 2.10.67ubuntu1.1
released
natty
Fixed 2.10.69ubuntu2.1
released
oneiric
Fixed 2.11.1ubuntu3.1
released
Common Weakness Enumeration
References
http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git%3Ba=commitdiff%3Bh=87f88232eb643f0c118c6ba38db8e966915b450f
http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git%3Ba=commitdiff%3Bh=9cbe605d3eab4f9e67525f69b676c55b273b7a03
http://secunia.com/advisories/47955
http://secunia.com/advisories/48039
http://ubuntu.com/usn/usn-1366-1
http://www.debian.org/security/2012/dsa-2409
http://www.osvdb.org/79320
http://www.securityfocus.com/bid/52029
https://exchange.xforce.ibmcloud.com/vulnerabilities/73216
http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git%3Ba=commitdiff%3Bh=87f88232eb643f0c118c6ba38db8e966915b450f
http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git%3Ba=commitdiff%3Bh=9cbe605d3eab4f9e67525f69b676c55b273b7a03
http://secunia.com/advisories/47955
http://secunia.com/advisories/48039
http://ubuntu.com/usn/usn-1366-1
http://www.debian.org/security/2012/dsa-2409
http://www.osvdb.org/79320
http://www.securityfocus.com/bid/52029
https://exchange.xforce.ibmcloud.com/vulnerabilities/73216