cvedb.io
CVE-2022-1664
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2022-05-26T14:15:08.010 · Last modified 2026-06-17T04:22:53.073

Summary

Dpkg::Source::Archive in dpkg, the Debian package management system, before versions 1.21.8, 1.20.10, 1.19.8 and 1.18.26, is prone to a directory traversal vulnerability. When extracting untrusted source packages in the v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal with specially crafted orig.tar and debian.tar tarballs.

Affected products

debian — dpkg

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.