Unrated severity · NVD Advisory · Published Jul 1, 2025 · Updated Jul 1, 2025
dpkg-deb: Fix cleanup for control member with restricted directories
CVE-2025-6297
Description
It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, an operation documented as being safe even on untrusted data. This may leave temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages, or packages with well compressible files placed inside a directory whose permissions do not allow removal by a non-root user, this can result in a DoS scenario through disk quota exhaustion or disk-full conditions.
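The failure mode described above is a cleanup routine that leaves the permission bits it found in the archive in place: a directory without owner write permission blocks unlinking its children, so the temporary tree survives and, over many runs, fills the disk or quota. The Python below is an added illustration and not dpkg's own code: it constructs a temporary tree with a subdirectory of mode 0500 (the sample is constructed, not taken from a real package), shows that a plain shutil.rmtree leaves the file behind for an unprivileged user, and then applies a cleanup that restores owner rwx on every real directory (never following symlinks, since the tree came from untrusted input) before removing it. The function and variable names are assumptions for this example.

```python
import os
import shutil
import stat
import tempfile
from pathlib import Path

# Root (CAP_DAC_OVERRIDE) ignores permission bits, which is why the advisory
# scopes the leftover-file problem to non-root users.
RUNNING_AS_ROOT = os.geteuid() == 0


def build_restricted_tree(root: Path) -> Path:
    """Constructed sample: a directory entry that arrives with mode 0500
    (owner r-x, no write). Its children cannot be unlinked without write
    permission on the directory, so a naive cleanup stops here."""
    locked = root / "locked"
    locked.mkdir()
    (locked / "leftover.txt").write_bytes(b"x" * 1024)  # the file that survives
    locked.chmod(0o500)
    return locked


def naive_cleanup(root: Path) -> bool:
    """Plain rmtree, swallowing the error the way a careless caller might.
    Returns True only if the whole tree is gone."""
    try:
        shutil.rmtree(root)
    except OSError:
        pass
    return not root.exists()


def _restore_owner_rwx(path: str) -> None:
    """Give the owner rwx on a real directory. lstat() is used so a symlink
    planted in the untrusted tree is never followed (chmod would otherwise
    change the permissions of whatever the link points at)."""
    st = os.lstat(path)
    if stat.S_ISDIR(st.st_mode):
        os.chmod(path, stat.S_IMODE(st.st_mode) | stat.S_IRWXU)


def robust_cleanup(root: Path) -> bool:
    """Fix permissions top-down before removing, so bits supplied by the
    package cannot block cleanup. Each child directory is repaired during its
    parent's visit, i.e. before os.walk tries to list it."""
    _restore_owner_rwx(str(root))
    for dirpath, dirnames, _ in os.walk(root, topdown=True):
        for name in dirnames:
            _restore_owner_rwx(os.path.join(dirpath, name))
    shutil.rmtree(root)
    return not root.exists()


def demo() -> tuple:
    """Run the naive cleanup, count what it left behind, then run the robust
    one. Returns (naive_ok, robust_ok, files_left_by_naive)."""
    base = Path(tempfile.mkdtemp(prefix="ctrl-"))
    build_restricted_tree(base)
    naive_ok = naive_cleanup(base)
    leftovers = sum(1 for p in base.rglob("*") if p.is_file()) if base.exists() else 0
    robust_ok = robust_cleanup(base) if base.exists() else True
    return naive_ok, robust_ok, leftovers


if __name__ == "__main__":
    naive_ok, robust_ok, leftovers = demo()
    print(f"naive cleanup removed tree: {naive_ok} (files left: {leftovers})")
    print(f"robust cleanup removed tree: {robust_ok}")
```

When run as an unprivileged user the naive pass reports `False` with one file left behind, and the robust pass reports `True`; as root both succeed, because permission bits do not constrain root. The lstat-then-chmod sequence still has a small race window against an attacker who can modify the temporary directory concurrently, which is why extraction should happen in a directory created with mode 0700 that nobody else can write to.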
Affected products
Affected packages (14 OSV coordinates):
- pkg:rpm/opensuse/dpkg&distro=openSUSE%20Leap%2015.6
- pkg:rpm/opensuse/dpkg&distro=openSUSE%20Tumbleweed
- pkg:rpm/opensuse/update-alternatives&distro=openSUSE%20Leap%2015.6
- pkg:rpm/suse/dpkg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6
- pkg:rpm/suse/dpkg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7
- pkg:rpm/suse/update-alternatives&distro=SUSE%20Linux%20Enterprise%20Micro%205.1
- pkg:rpm/suse/update-alternatives&distro=SUSE%20Linux%20Enterprise%20Micro%205.2
- pkg:rpm/suse/update-alternatives&distro=SUSE%20Linux%20Enterprise%20Micro%205.3
- pkg:rpm/suse/update-alternatives&distro=SUSE%20Linux%20Enterprise%20Micro%205.4
- pkg:rpm/suse/update-alternatives&distro=SUSE%20Linux%20Enterprise%20Micro%205.5
- pkg:rpm/suse/update-alternatives&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6
- pkg:rpm/suse/update-alternatives&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7
- pkg:rpm/suse/update-alternatives&distro=SUSE%20Linux%20Micro%206.0
- pkg:rpm/suse/update-alternatives&distro=SUSE%20Linux%20Micro%206.1

Affected version ranges (no CPE assigned):
- < 1.19.0.4-150000.4.7.1
- < 1.22.21-1.1
- < 1.19.0.4-150000.4.7.1
- < 1.19.0.4-150000.4.7.1
- < 1.19.0.4-150000.4.7.1
- < 1.19.0.4-150000.4.7.1
- < 1.19.0.4-150000.4.7.1
- < 1.19.0.4-150000.4.7.1
- < 1.19.0.4-150000.4.7.1
- < 1.19.0.4-150000.4.7.1
- < 1.19.0.4-150000.4.7.1
- < 1.19.0.4-150000.4.7.1
- < 1.22.0-2.1
- < 1.22.0-slfo.1.1_2.1
Patches
Vulnerability mechanics
References