### [CVE-2022-1664](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1664)
![](https://img.shields.io/static/v1?label=Product&message=dpkg&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=1.14.17%3C%201.21.8%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=directory%20traversal&color=brighgreen)
### Description
Dpkg::Source::Archive in dpkg, the Debian package management system, before versions 1.21.8, 1.20.10, 1.19.8 and 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in the v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal with specially crafted orig.tar and debian.tar tarballs.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/carbonetes/jacked-action
- https://github.com/carbonetes/jacked-jenkins
- https://github.com/gp47/xef-scan-ex02