CVE-2022-1664
26.05.2022, 14:15
Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| debian | dpkg | 1.14.17 ≤ 𝑥 < 1.18.26 |
| debian | dpkg | 1.19.0 ≤ 𝑥 < 1.19.8 |
| debian | dpkg | 1.20.0 ≤ 𝑥 < 1.20.10 |
| debian | dpkg | 1.21.0 ≤ 𝑥 < 1.21.8 |
| debian | debian_linux | 9.0 |
| debian | debian_linux | 10.0 |
| debian | debian_linux | 11.0 |
| netapp | ontap_select_deploy_administration_utility | - |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| dpkg |
|
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| dpkg |
| ||||||||||||||||||||||||||||||||||||||||||
| dpkg-devel |
|
References