CVE-2014-3864
dpkg - security update
EPSS 0.61%
Description
Directory traversal vulnerability in dpkg-source in dpkg-dev 1.3.0 allows remote attackers to modify files outside of the intended directories via a crafted source package that lacks a --- header line.
How to fix CVE-2014-3864
To remediate CVE-2014-3864, upgrade the affected package to a fixed version below.
- Debian/dpkg—upgrade to 1.17.10 or later
- Debian/dpkg—upgrade to 1.15.11 or later
Is CVE-2014-3864 being exploited?
Low — EPSS is 0.6%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 1.17.10
- from 0, < 1.15.11