CVE-2025-6297

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-6297

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-6297.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-6297

Downstream

UBUNTU-CVE-2025-6297

Related

MGASA-2025-0204

Published

2025-07-01T17:15:30Z

Modified

2025-07-08T17:51:02.663020Z

Summary

[none]

Details

It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions.

References

Affected packages

Debian:11 / dpkg

Package

Name: dpkg
Purl: pkg:deb/debian/dpkg?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.20.9

1.20.10

1.20.11

1.20.12

1.20.13

1.21.0

1.21.1

1.21.2

1.21.3

1.21.4

1.21.5

1.21.5+nmu1

1.21.6

1.21.7

1.21.8

1.21.9

1.21.10

1.21.11

1.21.12

1.21.13

1.21.14

1.21.15

1.21.16

1.21.17

1.21.18

1.21.19

1.21.20

1.21.21

1.21.22

1.22.0

1.22.1

1.22.2

1.22.3

1.22.4

1.22.5

1.22.6

1.22.7

1.22.8

1.22.9

1.22.10

1.22.11

1.22.12

1.22.13

1.22.14

1.22.15

1.22.16

1.22.17

1.22.18

1.22.19

1.22.20

1.22.21

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / dpkg

Package

Name: dpkg
Purl: pkg:deb/debian/dpkg?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.21.22

1.22.0

1.22.1

1.22.2

1.22.3

1.22.4

1.22.5

1.22.6

1.22.7

1.22.8

1.22.9

1.22.10

1.22.11

1.22.12

1.22.13

1.22.14

1.22.15

1.22.16

1.22.17

1.22.18

1.22.19

1.22.20

1.22.21

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / dpkg

Package

Name: dpkg
Purl: pkg:deb/debian/dpkg?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.22.21

Affected versions

1.*

1.21.22

1.22.0

1.22.1

1.22.2

1.22.3

1.22.4

1.22.5

1.22.6

1.22.7

1.22.8

1.22.9

1.22.10

1.22.11

1.22.12

1.22.13

1.22.14

1.22.15

1.22.16

1.22.17

1.22.18

1.22.19

1.22.20

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / git.dpkg.org/cgit/dpkg/dpkg.git

Affected ranges

Type: GIT
Repo: https://git.dpkg.org/cgit/dpkg/dpkg.git
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

ed6bbd445dd8800308c67236ba35d08004c98e82

Affected versions

1.*

1.1.4

1.1.5

1.1.6

1.10

1.10.1

1.10.10

1.10.11

1.10.12

1.10.13

1.10.14

1.10.15

1.10.16

1.10.17

1.10.18

1.10.18.1

1.10.19

1.10.2

1.10.20

1.10.21

1.10.22

1.10.23

1.10.24

1.10.25

1.10.26

1.10.27

1.10.28

1.10.3

1.10.4

1.10.5

1.10.6

1.10.7

1.10.8

1.10.9

1.13.1.0.1

1.13.10

1.13.11

1.13.11.1

1.13.12

1.13.13

1.13.14

1.13.15

1.13.16

1.13.17

1.13.18

1.13.19

1.13.2

1.13.20

1.13.21

1.13.22

1.13.23

1.13.24

1.13.25

1.13.3

1.13.4

1.13.5

1.13.6

1.13.7

1.13.8

1.13.9

1.14.0

1.14.1

1.14.10

1.14.11

1.14.12

1.14.13

1.14.14

1.14.15

1.14.16

1.14.16.1

1.14.16.2

1.14.16.3

1.14.16.4

1.14.16.5

1.14.16.6

1.14.17

1.14.18

1.14.19

1.14.2

1.14.20

1.14.21

1.14.22

1.14.23

1.14.24

1.14.25

1.14.3

1.14.4

1.14.5

1.14.6

1.14.7

1.14.7_newshlib

1.14.7_newshlib.1

1.14.8

1.14.8_newshlib

1.14.9

1.15.0

1.15.1

1.15.2

1.15.3

1.15.3.1

1.15.4

1.15.4.1

1.15.5

1.15.5.1

1.15.5.2

1.15.5.3

1.15.5.4

1.15.5.5

1.15.5.6

1.15.6

1.15.6.1

1.15.7

1.15.7.1

1.15.7.2

1.15.8

1.15.8.1

1.15.8.10

1.15.8.2

1.15.8.3

1.15.8.4

1.15.8.5

1.15.8.6

1.15.8.7

1.15.8.8

1.15.8.9

1.16.0

1.16.0.1

1.16.0.2

1.16.0.3

1.16.1

1.16.1.1

1.16.1.2

1.16.10

1.16.2

1.16.3

1.16.4

1.16.4.1

1.16.4.2

1.16.4.3

1.16.5

1.16.6

1.16.7

1.16.8

1.16.9

1.17.0

1.17.1

1.17.10

1.17.11

1.17.12

1.17.13

1.17.14

1.17.15

1.17.16

1.17.17

1.17.18

1.17.19

1.17.2

1.17.20

1.17.21

1.17.22

1.17.23

1.17.3

1.17.4

1.17.5

1.17.6

1.17.7

1.17.8

1.17.9

1.18.0

1.18.1

1.18.10

1.18.11

1.18.12

1.18.13

1.18.14

1.18.15

1.18.16

1.18.17

1.18.18

1.18.19

1.18.2

1.18.20

1.18.21

1.18.22

1.18.23

1.18.24

1.18.3

1.18.4

1.18.5

1.18.6

1.18.7

1.18.8

1.18.9

1.19.0

1.19.1

1.19.2

1.19.3

1.19.4

1.19.5

1.19.6

1.19.7

1.2.0

1.2.1

1.2.10

1.2.11

1.2.12

1.2.13

1.2.14

1.2.2

1.2.3

1.2.4

1.2.5

1.2.6

1.2.7

1.2.8

1.2.9

1.20.0

1.20.1

1.20.2

1.20.3

1.20.4

1.20.5

1.20.6

1.20.7

1.20.8

1.21.0

1.21.1

1.21.10

1.21.11

1.21.12

1.21.13

1.21.14

1.21.15

1.21.16

1.21.17

1.21.18

1.21.19

1.21.2

1.21.20

1.21.3

1.21.4

1.21.5

1.21.6

1.21.7

1.21.8

1.21.9

1.22.0

1.22.1

1.22.10

1.22.11

1.22.12

1.22.13

1.22.14

1.22.15

1.22.16

1.22.17

1.22.18

1.22.19

1.22.2

1.22.3

1.22.4

1.22.5

1.22.6

1.22.7

1.22.8

1.22.9

1.3.0

1.3.1

1.3.10

1.3.11

1.3.12

1.3.13

1.3.14

1.3.2

1.3.3

1.3.4

1.3.5

1.3.6

1.3.7

1.3.8

1.3.9

1.4.0

1.4.1.1

1.4.1.10

1.4.1.11

1.4.1.12

1.4.1.14

1.4.1.15

1.4.1.17

1.4.1.19

1.4.1.4

1.4.1.5

1.4.1.7

1.4.1.8

1.4.1.9

1.6

1.6.3

1.6.4

1.6.5

1.6.6

1.6.7

1.7.0

1.7.1