CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2014-3864 – Ubuntu Security Notice USN-2242-1
https://notcve.org/view.php?id=CVE-2014-3864
30 May 2014 — Directory traversal vulnerability in dpkg-source in dpkg-dev 1.3.0 allows remote attackers to modify files outside of the intended directories via a crafted source package that lacks a --- header line. Vulnerabilidad de salto de directorio en dpkg-source en dpkg-dev 1.3.0 permite a atacantes remotos modificar archivos fuera del directorio intencionado a través de un paquete de fuente manipulado que no tiene una línea de cabecera ---. It was discovered that dpkg incorrectly handled certain patches when unpac... • http://openwall.com/lists/oss-security/2014/05/25/2 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 25%CPEs: 1EXPL: 2CVE-2014-3865 – dpkg Source Package - Index: pseudo-header Processing Multiple Local Directory Traversals
https://notcve.org/view.php?id=CVE-2014-3865
30 May 2014 — Multiple directory traversal vulnerabilities in dpkg-source in dpkg-dev 1.3.0 allow remote attackers to modify files outside of the intended directories via a source package with a crafted Index: pseudo-header in conjunction with (1) missing --- and +++ header lines or (2) a +++ header line with a blank pathname. Múltiples vulnerabilidades de salto de directorio en dpkg-source en dpkg-dev 1.3.0 permiten a atacantes remotos modificar archivos fuera de los directorios intencionados a través de un paquete fuen... • https://www.exploit-db.com/exploits/39207 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •