4.3

CVE-2015-0840

The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc).

Data is provided by the National Vulnerability Database (NVD)
DebianDpkg Version <= 1.16.15
DebianDpkg Version1.17.0
DebianDpkg Version1.17.1
DebianDpkg Version1.17.2
DebianDpkg Version1.17.3
DebianDpkg Version1.17.4
DebianDpkg Version1.17.5
DebianDpkg Version1.17.6
DebianDpkg Version1.17.7
DebianDpkg Version1.17.8
DebianDpkg Version1.17.9
DebianDpkg Version1.17.10
DebianDpkg Version1.17.11
DebianDpkg Version1.17.12
DebianDpkg Version1.17.13
DebianDpkg Version1.17.14
DebianDpkg Version1.17.15
DebianDpkg Version1.17.16
DebianDpkg Version1.17.17
DebianDpkg Version1.17.18
DebianDpkg Version1.17.19
DebianDpkg Version1.17.20
DebianDpkg Version1.17.21
DebianDpkg Version1.17.22
DebianDpkg Version1.17.23
DebianDpkg Version1.17.24
CanonicalUbuntu Linux Version10.04 SwEditionlts
CanonicalUbuntu Linux Version12.04 SwEditionlts
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version14.10
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.65% 0.7
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.