CVE-2014-8625 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.8 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:P/I:P/A:P

Base Score

CVSS 3.x

EPSS Score

Percentile: 84%

Affected Products (NVD)

Vendor	Product	Version
debian	dpkg	𝑥 ≤ 1.17.21

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

dpkg

bookworm	1.21.22 fixed
bullseye	1.20.13 fixed
bullseye (security)	1.20.10 fixed
sid	1.22.11 fixed
squeeze	not-affected
trixie	1.22.11 fixed

Ubuntu Releases

Ubuntu Product

Codename

dpkg

artful	not-affected
bionic	not-affected
cosmic	not-affected
disco	not-affected
eoan	not-affected
focal	not-affected
groovy	not-affected
hirsute	not-affected
impish	not-affected
jammy	not-affected
kinetic	not-affected
lucid	ignored
lunar	not-affected
mantic	not-affected
noble	not-affected
precise	ignored
trusty	needed
utopic	ignored
vivid	not-affected
wily	not-affected
xenial	not-affected
yakkety	not-affected
zesty	not-affected

Known Exploits!

Common Weakness Enumeration

CWE-134 - Use of Externally-Controlled Format String
The software uses a function that accepts a format string as an argument, but the format string originates from an external source.

References

http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157387.html

http://seclists.org/oss-sec/2014/q4/539

http://seclists.org/oss-sec/2014/q4/551

http://seclists.org/oss-sec/2014/q4/622

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768485

https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/1389135

https://exchange.xforce.ibmcloud.com/vulnerabilities/98551

http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157387.html

http://seclists.org/oss-sec/2014/q4/539

http://seclists.org/oss-sec/2014/q4/551

http://seclists.org/oss-sec/2014/q4/622

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768485

https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/1389135

https://exchange.xforce.ibmcloud.com/vulnerabilities/98551