CVE-2013-6888

Uscan in devscripts before 2.13.9 allows remote attackers to execute arbitrary code via a crafted tarball.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
VendorProductVersion
devscripts_devel_teamdevscripts
𝑥
≤ 2.13.8
devscripts_devel_teamdevscripts
2.13.0
devscripts_devel_teamdevscripts
2.13.1
devscripts_devel_teamdevscripts
2.13.2
devscripts_devel_teamdevscripts
2.13.3
devscripts_devel_teamdevscripts
2.13.4
devscripts_devel_teamdevscripts
2.13.5
devscripts_devel_teamdevscripts
2.13.6
devscripts_devel_teamdevscripts
2.13.7
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
devscripts
bullseye
2.21.3+deb11u1
fixed
squeeze
no-dsa
bookworm
2.23.4+deb12u1
fixed
sid
2.24.2
fixed
trixie
2.24.2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
devscripts
saucy
Fixed 2.13.4ubuntu0.1
released
raring
Fixed 2.13.1ubuntu0.1
released
quantal
Fixed 2.12.4ubuntu0.1
released
precise
Fixed 2.11.6ubuntu1.6
released
lucid
Fixed 2.10.61ubuntu5.6
released
References
http://anonscm.debian.org/gitweb/?p=collab-maint/devscripts.git%3Ba=commitdiff%3Bh=02c6850d973e3e1246fde72edab27f03d63acc52
http://marc.info/?l=oss-security&m=138900586911271&w=2
http://secunia.com/advisories/56192
http://secunia.com/advisories/56579
http://www.debian.org/security/2014/dsa-2836
http://www.securityfocus.com/bid/64656
http://www.ubuntu.com/usn/USN-2084-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/90107
http://anonscm.debian.org/gitweb/?p=collab-maint/devscripts.git%3Ba=commitdiff%3Bh=02c6850d973e3e1246fde72edab27f03d63acc52
http://marc.info/?l=oss-security&m=138900586911271&w=2
http://secunia.com/advisories/56192
http://secunia.com/advisories/56579
http://www.debian.org/security/2014/dsa-2836
http://www.securityfocus.com/bid/64656
http://www.ubuntu.com/usn/USN-2084-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/90107