Directory Traversal Vulnerabilities in dpkg-source for Debian and Ubuntu
CVE-2014-3865

Currently unrated

Key Information:

Vendor

Debian
Status
Dpkg-dev
Vendor
CVE Published:
30 May 2014

What is CVE-2014-3865?

Multiple directory traversal vulnerabilities exist in the dpkg-source component of dpkg-dev 1.3.0, enabling remote attackers to manipulate files located outside of designated directories. This is achieved through a specially crafted source package containing an Index: pseudo-header that may lack critical header lines or include a blank pathname within the +++ header. Such exploits can allow unauthorized file modifications, posing serious security risks to affected systems.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.ubuntu.com/usn/USN-2242-1
vendor-advisoryx_refsource_UBUNTU
http://www.debian.org/security/2014/dsa-2953
vendor-advisoryx_refsource_DEBIAN
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=749183
x_refsource_CONFIRM

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.