CVE-2022-1664 in Debian and NetApp Products
Published on May 26, 2022
Directory traversal for in-place extracts with untrusted v2 and v3 source packages with debian.tar
Dpkg::Source::Archive in dpkg, the Debian package management system, is prone to a directory traversal vulnerability in versions before 1.21.8, 1.20.10, 1.19.8 and 1.18.26. When extracting untrusted source packages in the v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal on specially crafted orig.tar and debian.tar tarballs.
Products Associated with CVE-2022-1664
Affected Versions
Debian dpkg: versions from 1.14.17 up to, but not including, 1.21.8 are affected.
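The description lists a fixed release per branch (1.18.26, 1.19.8, 1.20.10, 1.21.8), while the affected range above is a single interval, so a plain "older than 1.21.8" comparison flags patched 1.20.10 hosts. The following check is an added example, not code from dpkg or this page; it assumes upstream version numbering only, so a distribution build that backports the fix under an older number is still reported as affected and must be confirmed against the distribution's own tracker.

```python
import re

# Version boundaries taken from the advisory text above.
FIRST_AFFECTED = (1, 14, 17)
FIXED_BY_BRANCH = {
    (1, 18): (1, 18, 26),
    (1, 19): (1, 19, 8),
    (1, 20): (1, 20, 10),
    (1, 21): (1, 21, 8),
}
LATEST_FIXED = (1, 21, 8)


def parse_upstream(version):
    """Return the leading numeric part of a dpkg version as a 3-tuple.

    An optional epoch ("1:") is skipped and any suffix after the third
    component (".5", "ubuntu3", "+deb11u1") is ignored (assumption).
    """
    m = re.match(r"(?:\d+:)?(\d+)\.(\d+)(?:\.(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised dpkg version: {version!r}")
    return tuple(int(g or 0) for g in m.groups())


def is_affected(version):
    """True if the upstream version falls in the CVE-2022-1664 range."""
    v = parse_upstream(version)
    if v < FIRST_AFFECTED or v >= LATEST_FIXED:
        return False
    fixed = FIXED_BY_BRANCH.get(v[:2])
    # Branches with no listed fix fall back to the advisory's plain range.
    return True if fixed is None else v < fixed


if __name__ == "__main__":
    # Constructed sample inventory, not taken from real hosts.
    for host, ver in [("build01", "1.20.9"), ("build02", "1.20.10"),
                      ("build03", "1.19.7ubuntu3"), ("build04", "1.21.8")]:
        state = "AFFECTED" if is_affected(ver) else "ok"
        print(f"{host:8} dpkg {ver:16} {state}")
```

The installed version string can be read with `dpkg-query -W -f='${Version}' dpkg` and passed to `is_affected`.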
Exploit Probability
EPSS: 0.33%
Percentile: 55.82%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.