cve/CVE-2017-8283.md at bfbdb15d530107ed63bf22a2f414213ca05fd0ff

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-12-30 04:49:42 +00:00

0xMarcio 49bdc782b3 Update Sun May 26 14:27:04 CEST 2024

2024-05-26 14:27:05 +02:00

Description

dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD.

POC

Reference

No PoCs from references.

Github

https://github.com/garethr/findcve
https://github.com/yfoelling/yair

789 B Raw Blame History

CVE-2017-8283

Description

POC

Reference

Github

789 B

Raw Blame History