CVE-2014-0471
dpkg - security update
EPSS 0.24%
Description
Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to "C-style filename quoting."
How to fix CVE-2014-0471
To remediate CVE-2014-0471, upgrade the affected package to one of the fixed versions listed below.
- Debian/dpkg: upgrade to 1.17.8 or later
- Debian/dpkg: upgrade to 1.15.9 or later
Is CVE-2014-0471 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 1.17.8
- from 0, < 1.15.9