Unrated severity · NVD Advisory · Published May 26, 2022 · Updated Sep 17, 2024
directory traversal for in-place extracts with untrusted v2 and v3 source packages with debian.tar
CVE-2022-1664
Description
Dpkg::Source::Archive in dpkg, the Debian package management system, before versions 1.21.8, 1.20.10, 1.19.8 and 1.18.26, is prone to a directory traversal vulnerability. When extracting untrusted source packages in the v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal with specially crafted orig.tar and debian.tar tarballs.
Affected products
- (no CPE) range: < 1.19.0.4-150000.4.4.1
- (no CPE) range: < 1.18.4-16.3.5
References
- git.dpkg.org/cgit/dpkg/dpkg.git/commit/ (mitre)
- git.dpkg.org/cgit/dpkg/dpkg.git/commit/ (mitre)
- git.dpkg.org/cgit/dpkg/dpkg.git/commit/ (mitre)
- git.dpkg.org/cgit/dpkg/dpkg.git/commit/ (mitre)
- lists.debian.org/debian-lts-announce/2022/05/msg00033.html (mitre)
- lists.debian.org/debian-security-announce/2022/msg00115.html (mitre)
- security.netapp.com/advisory/ntap-20221007-0002/ (mitre)