Directory Traversal Vulnerability in dpkg-source

Directory Traversal Vulnerability in dpkg-source

CVE-2017-8283 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD.

Learn more about our Cis Benchmark Audit For Debian Linux.