Unrated severityNVD Advisory· Published Mar 15, 2010· Updated Apr 29, 2026

CVE-2010-0396

Description

Directory traversal vulnerability in the dpkg-source component in dpkg before 1.14.29 allows remote attackers to modify arbitrary files via a crafted Debian source archive.

Affected products

Debian/Dpkg95 versions
cpe:2.3:a:debian:dpkg:*:*:*:*:*:*:*:*+ 94 more
- cpe:2.3:a:debian:dpkg:*:*:*:*:*:*:*:*range: <=1.14.28
- cpe:2.3:a:debian:dpkg:1.9.19:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.9.20:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.9.21:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.10:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.10.2:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.10.3:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.10.4:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.10.5:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.10.6:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.10.7:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.10.8:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.10.9:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.10.10:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.10.11:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.10.12:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.10.13:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.10.14:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.10.15:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.10.16:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.10.17:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.10.18:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.10.18.1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.10.19:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.10.20:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.10.21:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.10.22:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.10.23:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.10.24:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.10.25:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.10.26:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.10.27:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.10.28:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.13.0:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.13.1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.13.2:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.13.3:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.13.4:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.13.5:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.13.6:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.13.7:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.13.8:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.13.9:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.13.10:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.13.11:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.13.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.13.12:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.13.13:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.13.14:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.13.15:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.13.16:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.13.17:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.13.18:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.13.19:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.13.20:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.13.21:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.13.22:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.13.23:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.13.24:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.13.25:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.0:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.2:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.3:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.4:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.5:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.6:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.7:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.8:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.9:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.10:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.11:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.12:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.13:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.14:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.15:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.16:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.16.1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.16.2:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.16.3:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.16.4:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.16.5:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.16.6:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.17:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.18:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.19:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.20:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.21:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.22:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.23:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.24:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.25:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.26:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.27:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29.tar.gznvdPatch
www.debian.org/security/2010/dsa-2011nvdPatch
www.vupen.com/english/advisories/2010/0582nvdVendor Advisory
exchange.xforce.ibmcloud.com/vulnerabilities/56887nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000