High severity (7.5) · NVD Advisory · Published Mar 7, 2026 · Updated Jun 2, 2026
CVE-2026-2219
Description
It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (infinite loop spinning the CPU).
Affected products
osv-coords (10 versions):
- pkg:rpm/opensuse/dpkg&distro=openSUSE%20Leap%2016.0 (no CPE), range: < 1.22.21-160000.3.1
- pkg:rpm/opensuse/dpkg&distro=openSUSE%20Tumbleweed (no CPE), range: < 1.22.22-1.1
- pkg:rpm/opensuse/update-alternatives&distro=openSUSE%20Leap%2016.0 (no CPE), range: < 1.22.21-160000.3.1
- pkg:rpm/suse/dpkg&distro=SUSE%20Linux%20Enterprise%20Server%2016.0 (no CPE), range: < 1.22.21-160000.3.1
- pkg:rpm/suse/dpkg&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0 (no CPE), range: < 1.22.21-160000.3.1
- pkg:rpm/suse/update-alternatives&distro=SUSE%20Linux%20Enterprise%20Server%2016.0 (no CPE), range: < 1.22.21-160000.3.1
- pkg:rpm/suse/update-alternatives&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0 (no CPE), range: < 1.22.21-160000.3.1
- pkg:rpm/suse/update-alternatives&distro=SUSE%20Linux%20Micro%206.0 (no CPE), range: < 1.22.0-3.1
- pkg:rpm/suse/update-alternatives&distro=SUSE%20Linux%20Micro%206.1 (no CPE), range: < 1.22.0-slfo.1.1_3.1
- pkg:rpm/suse/update-alternatives&distro=SUSE%20Linux%20Micro%206.2 (no CPE), range: < 1.22.21-160000.3.1
References
- git.dpkg.org/cgit/dpkg/dpkg.git/commit/ (nvd: Patch)
- bugs.debian.org/1129722 (nvd: Issue Tracking, Mailing List)