← Back

CVE-2015-0840

nvd nist
Published: Apr 13, 2015Modified: May 6, 2026

JSON object

Loading...
4.3
Vector
AV:N/AC:M/Au:N/C:N/I:P/A:N
Exploitability: 8.6 / Impact: 2.9
Source: NVD

Description

The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc).

Affected (30)

Debian
1 product
Dpkg
Canonical
1 product
Ubuntu Linux
Configuration A
26 vulnerable
Vulnerable SoftwareAffected Versions
Debian
Dpkg
Up to 1.16.15
Dpkg
Version 1.17.0
Dpkg
Version 1.17.10
Dpkg
Version 1.17.11
Dpkg
Version 1.17.12
Dpkg
Version 1.17.13
Dpkg
Version 1.17.14
Dpkg
Version 1.17.15
Dpkg
Version 1.17.16
Dpkg
Version 1.17.17
Dpkg
Version 1.17.18
Dpkg
Version 1.17.19
Dpkg
Version 1.17.1
Dpkg
Version 1.17.20
Dpkg
Version 1.17.21
Dpkg
Version 1.17.22
Dpkg
Version 1.17.23
Dpkg
Version 1.17.24
Dpkg
Version 1.17.2
Dpkg
Version 1.17.3
Dpkg
Version 1.17.4
Dpkg
Version 1.17.5
Dpkg
Version 1.17.6
Dpkg
Version 1.17.7
Dpkg
Version 1.17.8
Dpkg
Version 1.17.9
Configuration B
4 vulnerable
Vulnerable SoftwareAffected Versions
Canonical
Ubuntu Linux
Version 10.04
Ubuntu Linux
Version 12.04
Ubuntu Linux
Version 14.04
Ubuntu Linux
Version 14.10

Related CWEs

CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (8)

Source: security@debian.org
Source: security@debian.org
Source: security@debian.org
Vendor Advisory
Source: security@debian.org
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Patch

Timeline

No history available yet.