CVE-2014-0471

CVSS V2 Medium 5 CVSS V3 None
Description
Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to "C-style filename quoting."
Overview
  • CVE ID
  • CVE-2014-0471
  • Assigner
  • security@debian.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2014-04-30T14:22:06
  • Last Modified Date
  • 2015-10-16T14:53:06
Weakness Enumerations
CWE URL
CWE-22 http://cwe.mitre.org/data/definitions/22.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:debian:dpkg:*:*:*:*:*:*:*:* 1 OR 1.15.8.8
cpe:2.3:a:debian:dpkg:1.9.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.9.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.9.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.9.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.9.8:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.9.9:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.9.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.9.11:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.9.12:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.9.13:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.9.14:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.9.15:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.9.16:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.9.17:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.9.18:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.9.19:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.9.20:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.9.21:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.10.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.10.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.10.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.10.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.10.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.10.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.10.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.10.8:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.10.9:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.10.11:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.10.12:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.10.13:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.10.14:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.10.15:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.10.16:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.10.17:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.10.18:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.10.18.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.10.19:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.10.20:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.10.21:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.10.22:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.10.23:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.10.24:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.10.25:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.10.26:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.10.27:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.10.28:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.13.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.13.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.13.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.13.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.13.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.13.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.13.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.13.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.13.8:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.13.9:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.13.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.13.11:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.13.11.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.13.12:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.13.13:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.13.14:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.13.15:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.13.16:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.13.17:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.13.18:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.13.19:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.13.20:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.13.21:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.13.22:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.13.23:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.13.24:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.13.25:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.14.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.14.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.14.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.14.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.14.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.14.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.14.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.14.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.14.8:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.14.9:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.14.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.14.11:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.14.12:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.14.13:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.14.14:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.14.15:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.14.16:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.14.16.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.14.16.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.14.16.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.14.16.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.14.16.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.14.16.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.14.17:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.14.18:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.14.19:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.14.20:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.14.21:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.14.22:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.14.23:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.14.24:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.14.25:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.14.26:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.14.27:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.14.28:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.14.29:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.14.30:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.15.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.15.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.15.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.15.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.15.3.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.15.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.15.4.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.15.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.15.5.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.15.5.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.15.5.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.15.5.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.15.5.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.15.5.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.15.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.15.6.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.15.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.15.7.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.15.7.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.15.8:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.15.8.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.15.8.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.15.8.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.15.8.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.15.8.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.15.8.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.15.8.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.15.8.9:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.16.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.16.0.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.16.0.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.16.0.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.16.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.16.1.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.16.1.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.16.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.16.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.16.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.16.4.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.16.4.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.16.4.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.16.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.16.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.16.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.16.8:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.16.9:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.16.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.16.11:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.16.12:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.17.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.17.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.17.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.17.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.17.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.17.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.17.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:debian:dpkg:1.17.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:* 1 OR
cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:* 1 OR
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:L/Au:N/C:N/I:P/A:N
  • Access Vector
  • NETWORK
  • Access Compatibility
  • LOW
  • Authentication
  • NONE
  • Confidentiality Impact
  • NONE
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • NONE
  • Base Score
  • 5
  • Severity
  • MEDIUM
  • Exploitability Score
  • 10
  • Impact Score
  • 2.9
References
Reference URL Reference Tags
http://www.debian.org/security/2014/dsa-2915 Vendor Advisory
http://www.ubuntu.com/usn/USN-2183-1 Vendor Advisory
http://www.securityfocus.com/bid/67106
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2014-0471
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0471
History
Created Old Value New Value Data Type Notes
2022-05-10 10:19:50 Added to TrackCVE
2022-12-01 22:56:02 2014-04-30T14:22Z 2014-04-30T14:22:06 CVE Published Date updated
2022-12-01 22:56:02 2015-10-16T14:53:06 CVE Modified Date updated
2022-12-01 22:56:02 Analyzed Vulnerability Status updated