CVE-2022-1664

Source
https://cve.org/CVERecord?id=CVE-2022-1664
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-1664.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-1664
Published
2022-05-26T14:15:08.010Z
Modified
2026-02-22T01:42:30.431571Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

Dpkg::Source::Archive in dpkg, the Debian package management system, before versions 1.21.8, 1.20.10, 1.19.8, and 1.18.26, is prone to a directory traversal vulnerability. When extracting untrusted source packages in the v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs.

Affected packages

Git / git.dpkg.org/cgit/dpkg/dpkg.git

Affected ranges

Type
GIT
Repo
https://git.dpkg.org/cgit/dpkg/dpkg.git
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
1f23dddc17f69c9598477098c7fb9936e15fa495
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
58814cacee39c4ce9e2cd0e3a3b9b57ad437eff5
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
7a6c03cb34d4a09f35df2f10779cbf1b70a5200b
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
faa4c92debe45412bfcf8a44f26e827800bb24be
Introduced
1f4238aba8850f83280ca88e14c7b48ee7e07d7e
Fixed
a154134fe70c0b823ae14905bdc33b64e7dcd454
Introduced
314ac02663c5bd1a82b34745150bf13a39a549a3
Fixed
6247c7c3da135b41ac94af82e0b739cb40ba595d
Introduced
47d2e9c479d6650e4980231606cd43c744e3c0c9
Fixed
e195a9f2ffd547e332f8f148a4135f537a5e77e7
Introduced
90d2887c67f2b1d0915169cc49725bb774083aba
Fixed
99902811cf1b1f41eed3bce2fc7ab8a4f02c364b

Affected versions

1.*
1.14.17
1.14.18
1.14.19
1.14.20
1.14.21
1.14.22
1.14.23
1.14.24
1.14.25
1.15.0
1.15.1
1.15.2
1.15.3
1.15.3.1
1.15.4
1.15.4.1
1.15.5
1.15.5.1
1.15.5.2
1.15.5.3
1.15.5.4
1.15.5.5
1.15.5.6
1.15.6
1.15.6.1
1.15.7
1.15.7.1
1.15.7.2
1.15.8
1.15.8.1
1.15.8.10
1.15.8.2
1.15.8.3
1.15.8.4
1.15.8.5
1.15.8.6
1.15.8.7
1.15.8.8
1.15.8.9
1.16.0
1.16.0.1
1.16.0.2
1.16.0.3
1.16.1
1.16.1.1
1.16.1.2
1.16.10
1.16.2
1.16.3
1.16.4
1.16.4.1
1.16.4.2
1.16.4.3
1.16.5
1.16.6
1.16.7
1.16.8
1.16.9
1.17.0
1.17.1
1.17.10
1.17.11
1.17.12
1.17.13
1.17.14
1.17.15
1.17.16
1.17.17
1.17.18
1.17.19
1.17.2
1.17.20
1.17.21
1.17.22
1.17.23
1.17.3
1.17.4
1.17.5
1.17.6
1.17.7
1.17.8
1.17.9
1.18.0
1.18.1
1.18.10
1.18.11
1.18.12
1.18.13
1.18.14
1.18.15
1.18.16
1.18.17
1.18.18
1.18.19
1.18.2
1.18.20
1.18.21
1.18.22
1.18.23
1.18.24
1.18.25
1.18.3
1.18.4
1.18.5
1.18.6
1.18.7
1.18.8
1.18.9
1.19.0
1.19.1
1.19.2
1.19.3
1.19.4
1.19.5
1.19.6
1.19.7
1.20.0
1.20.1
1.20.2
1.20.3
1.20.4
1.20.5
1.20.6
1.20.7
1.20.8
1.20.9
1.21.0
1.21.1
1.21.2
1.21.3
1.21.4
1.21.5
1.21.6
1.21.7

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-1664.json"