First published: Fri Nov 07 2014(Updated: )
Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Debian dpkg | <=1.17.21 | |
debian/dpkg | <=1.17.21<=1.16.2 | |
debian/dpkg | 1.20.13 1.20.10 1.21.22 1.22.11 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.