{"api_version":"1","generated_at":"2026-06-10T19:26:18+00:00","cve":"CVE-2015-0860","urls":{"html":"https://cve.report/CVE-2015-0860","api":"https://cve.report/api/cve/CVE-2015-0860.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2015-0860","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2015-0860"},"summary":{"title":"CVE-2015-0860","description":"Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an \"old-style\" Debian binary package, which triggers a stack-based buffer overflow.","state":"PUBLISHED","assigner":"debian","published_at":"2015-12-03 20:59:01","updated_at":"2026-05-06 22:30:45"},"problem_types":["CWE-189","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"7.5","severity":"","vector":"AV:N/AC:L/Au:N/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"https://blog.fuzzing-project.org/30-Stack-overflows-and-out-of-bounds-read-in-dpkg-Debian.html","name":"https://blog.fuzzing-project.org/30-Stack-overflows-and-out-of-bounds-read-in-dpkg-Debian.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Stack overflows and out of bounds read in dpkg (Debian) | The Fuzzing Project","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.debian.org/security/2015/dsa-3407","name":"http://www.debian.org/security/2015/dsa-3407","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Debian -- Security Information -- DSA-3407-1 dpkg","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.ubuntu.com/usn/USN-2820-1","name":"http://www.ubuntu.com/usn/USN-2820-1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"USN-2820-1: dpkg vulnerability | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.gentoo.org/glsa/201612-07","name":"https://security.gentoo.org/glsa/201612-07","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"dpkg: Arbitrary code execution (GLSA 201612-07) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://anonscm.debian.org/cgit/dpkg/dpkg.git/commit/dpkg-deb/extract.c?id=e65aa3db04eb908c9507d5d356a95cedb890814d","name":"https://anonscm.debian.org/cgit/dpkg/dpkg.git/commit/dpkg-deb/extract.c?id=e65aa3db04eb908c9507d5d356a95cedb890814d","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"404 Not Found","mime":"text/html","httpstatus":"404","archivestatus":"404"},{"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798324","name":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798324","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"#798324 - dpkg-deb: Fix off-by-one write access on versionbuf variable - Debian Bug report logs","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2015-0860","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-0860","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2015","cve_id":"860","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"12.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"860","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"14.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"860","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"15.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"860","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"15.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"860","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.16.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"860","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.16.0.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"860","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.16.0.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"860","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.16.0.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"860","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.16.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"860","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.16.1.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"860","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.16.1.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"860","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.16.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"860","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.16.11","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"860","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.16.12","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"860","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.16.15","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"860","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.16.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"860","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.16.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"860","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.16.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"860","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.16.4.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"860","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.16.4.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"860","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.16.4.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"860","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.16.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"860","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.16.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"860","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.16.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"860","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.16.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"860","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.16.9","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"860","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.17.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"860","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.17.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"860","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.17.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"860","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.17.11","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"860","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.17.12","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"860","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.17.13","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"860","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.17.14","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"860","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.17.15","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"860","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.17.16","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"860","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.17.17","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"860","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.17.18","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"860","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.17.19","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"860","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.17.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"860","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.17.20","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"860","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.17.21","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"860","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.17.22","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"860","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.17.23","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"860","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.17.24","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"860","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.17.25","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"860","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.17.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"860","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.17.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"860","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.17.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"860","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.17.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"860","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.17.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"860","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.17.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"860","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.17.9","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T04:26:11.051Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798324"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://anonscm.debian.org/cgit/dpkg/dpkg.git/commit/dpkg-deb/extract.c?id=e65aa3db04eb908c9507d5d356a95cedb890814d"},{"name":"GLSA-201612-07","tags":["vendor-advisory","x_refsource_GENTOO","x_transferred"],"url":"https://security.gentoo.org/glsa/201612-07"},{"name":"DSA-3407","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"http://www.debian.org/security/2015/dsa-3407"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://blog.fuzzing-project.org/30-Stack-overflows-and-out-of-bounds-read-in-dpkg-Debian.html"},{"name":"USN-2820-1","tags":["vendor-advisory","x_refsource_UBUNTU","x_transferred"],"url":"http://www.ubuntu.com/usn/USN-2820-1"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2015-11-26T00:00:00.000Z","descriptions":[{"lang":"en","value":"Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an \"old-style\" Debian binary package, which triggers a stack-based buffer overflow."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-06-30T16:57:01.000Z","orgId":"79363d38-fa19-49d1-9214-5f28da3f3ac5","shortName":"debian"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798324"},{"tags":["x_refsource_CONFIRM"],"url":"https://anonscm.debian.org/cgit/dpkg/dpkg.git/commit/dpkg-deb/extract.c?id=e65aa3db04eb908c9507d5d356a95cedb890814d"},{"name":"GLSA-201612-07","tags":["vendor-advisory","x_refsource_GENTOO"],"url":"https://security.gentoo.org/glsa/201612-07"},{"name":"DSA-3407","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"http://www.debian.org/security/2015/dsa-3407"},{"tags":["x_refsource_MISC"],"url":"https://blog.fuzzing-project.org/30-Stack-overflows-and-out-of-bounds-read-in-dpkg-Debian.html"},{"name":"USN-2820-1","tags":["vendor-advisory","x_refsource_UBUNTU"],"url":"http://www.ubuntu.com/usn/USN-2820-1"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"security@debian.org","ID":"CVE-2015-0860","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an \"old-style\" Debian binary package, which triggers a stack-based buffer overflow."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798324","refsource":"CONFIRM","url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798324"},{"name":"https://anonscm.debian.org/cgit/dpkg/dpkg.git/commit/dpkg-deb/extract.c?id=e65aa3db04eb908c9507d5d356a95cedb890814d","refsource":"CONFIRM","url":"https://anonscm.debian.org/cgit/dpkg/dpkg.git/commit/dpkg-deb/extract.c?id=e65aa3db04eb908c9507d5d356a95cedb890814d"},{"name":"GLSA-201612-07","refsource":"GENTOO","url":"https://security.gentoo.org/glsa/201612-07"},{"name":"DSA-3407","refsource":"DEBIAN","url":"http://www.debian.org/security/2015/dsa-3407"},{"name":"https://blog.fuzzing-project.org/30-Stack-overflows-and-out-of-bounds-read-in-dpkg-Debian.html","refsource":"MISC","url":"https://blog.fuzzing-project.org/30-Stack-overflows-and-out-of-bounds-read-in-dpkg-Debian.html"},{"name":"USN-2820-1","refsource":"UBUNTU","url":"http://www.ubuntu.com/usn/USN-2820-1"}]}}}},"cveMetadata":{"assignerOrgId":"79363d38-fa19-49d1-9214-5f28da3f3ac5","assignerShortName":"debian","cveId":"CVE-2015-0860","datePublished":"2015-12-03T20:00:00.000Z","dateReserved":"2015-01-07T00:00:00.000Z","dateUpdated":"2024-08-06T04:26:11.051Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2015-12-03 20:59:01","lastModifiedDate":"2026-05-06 22:30:45","problem_types":["CWE-189","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*","matchCriteriaId":"B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","matchCriteriaId":"B5A6F2F3-4894-4392-8296-3B8DD2679084"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*","matchCriteriaId":"F38D3B7E-8429-473F-BB31-FC3583EE5A5B"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*","matchCriteriaId":"E88A537F-F4D0-46B9-9E37-965233C2A355"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.16.0:*:*:*:*:*:*:*","matchCriteriaId":"60B76474-A71E-4BEA-880B-88A8F0E9E79D"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.16.0.1:*:*:*:*:*:*:*","matchCriteriaId":"5918D066-8950-44D5-9F14-72C499F9F40A"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.16.0.2:*:*:*:*:*:*:*","matchCriteriaId":"623BF341-D9EC-43DF-BA62-D45FDC1FE4E9"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.16.0.3:*:*:*:*:*:*:*","matchCriteriaId":"4D6692AB-7927-4D4B-8E11-EA9B7B93836C"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.16.1:*:*:*:*:*:*:*","matchCriteriaId":"B6EE875E-DEC4-443C-8921-B4658CA2B2C3"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.16.1.1:*:*:*:*:*:*:*","matchCriteriaId":"4BDD2CFE-61E4-436E-9D49-7F1977904EB8"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.16.1.2:*:*:*:*:*:*:*","matchCriteriaId":"12DB535B-9C12-4B13-8B6E-AB4EEC1CFF9D"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.16.2:*:*:*:*:*:*:*","matchCriteriaId":"6675F9A6-FA20-4AF7-B57F-85595103AA61"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.16.3:*:*:*:*:*:*:*","matchCriteriaId":"3322B7E4-D815-40B6-836A-2D070F9D0528"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.16.4:*:*:*:*:*:*:*","matchCriteriaId":"A67143CC-3137-49B3-955C-43C405DB847B"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.16.4.1:*:*:*:*:*:*:*","matchCriteriaId":"B1CA956E-51BC-428E-9730-31797A34BE3C"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.16.4.2:*:*:*:*:*:*:*","matchCriteriaId":"3AFC055D-9B64-428C-9D85-CFC2F27EB906"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.16.4.3:*:*:*:*:*:*:*","matchCriteriaId":"00E6E62F-B11F-4060-8AAF-A9FA73749422"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.16.5:*:*:*:*:*:*:*","matchCriteriaId":"0B05CB56-6994-4F75-8015-03F554CD7D78"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.16.6:*:*:*:*:*:*:*","matchCriteriaId":"B5CF35EC-CCBF-4096-BCAF-98A15DE6D78C"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.16.7:*:*:*:*:*:*:*","matchCriteriaId":"42C819CC-48E9-4E85-A564-456A27481852"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.16.8:*:*:*:*:*:*:*","matchCriteriaId":"9D7B2152-3086-4094-8AE2-6E1AF9D35BF7"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.16.9:*:*:*:*:*:*:*","matchCriteriaId":"EF5B9CC6-C288-4E8C-AC99-D4717DBE63FC"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.16.10:*:*:*:*:*:*:*","matchCriteriaId":"65CD971C-EB83-4456-A368-F57B9391599A"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.16.11:*:*:*:*:*:*:*","matchCriteriaId":"B8CA877A-533B-4B60-A90B-8A958FCA2DF1"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.16.12:*:*:*:*:*:*:*","matchCriteriaId":"B71A62D9-8013-4528-8EB0-75C18435AE24"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.16.15:*:*:*:*:*:*:*","matchCriteriaId":"096CA319-CBAA-498E-A559-6B6F8690CEFE"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.17.0:*:*:*:*:*:*:*","matchCriteriaId":"D18D2B08-C8DD-475D-8E7D-F39E8C24723B"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.17.1:*:*:*:*:*:*:*","matchCriteriaId":"BA424995-B5E0-4C8A-862B-5290506DF94E"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.17.2:*:*:*:*:*:*:*","matchCriteriaId":"43F974E2-41AF-42B2-8EE7-02724FD37673"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.17.3:*:*:*:*:*:*:*","matchCriteriaId":"EFD1F763-34E3-4B39-9184-6CCCD75733A0"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.17.4:*:*:*:*:*:*:*","matchCriteriaId":"1C8ADF13-CEF9-400B-BACA-F64AFDEEED7D"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.17.5:*:*:*:*:*:*:*","matchCriteriaId":"2B2595A0-024B-4C82-8626-9471A3FB96D6"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.17.6:*:*:*:*:*:*:*","matchCriteriaId":"E81B04E7-FBA1-45D3-B458-3B57DF331796"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.17.7:*:*:*:*:*:*:*","matchCriteriaId":"934A9FC7-1B44-4A70-83B6-21783C5BB9BB"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.17.8:*:*:*:*:*:*:*","matchCriteriaId":"A66344A0-A556-4E72-9954-CBC0FF9B900F"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.17.9:*:*:*:*:*:*:*","matchCriteriaId":"82E72C4D-373A-4E74-A038-AD79EA0845D7"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.17.10:*:*:*:*:*:*:*","matchCriteriaId":"13D89B07-FB9C-4D88-91A1-431FB91605DC"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.17.11:*:*:*:*:*:*:*","matchCriteriaId":"067D13A0-0DBA-4749-9E5C-428338758C49"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.17.12:*:*:*:*:*:*:*","matchCriteriaId":"955DA593-FD4C-4BC8-8B64-CA193892C1CE"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.17.13:*:*:*:*:*:*:*","matchCriteriaId":"6E35346F-2FCD-42D3-ADE2-D25DCBF11D86"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.17.14:*:*:*:*:*:*:*","matchCriteriaId":"681BF89B-6501-4992-A953-578908C68ECC"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.17.15:*:*:*:*:*:*:*","matchCriteriaId":"3E9DD402-ADC7-4000-A6C8-D62DA2BD8A22"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.17.16:*:*:*:*:*:*:*","matchCriteriaId":"E26692A1-6DE7-4295-99BD-EFF9B0C20162"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.17.17:*:*:*:*:*:*:*","matchCriteriaId":"A5B65F0D-1708-4B73-B9C3-033E8150348D"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.17.18:*:*:*:*:*:*:*","matchCriteriaId":"A257BEDB-0148-4EE6-B7EA-0DE39752F897"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.17.19:*:*:*:*:*:*:*","matchCriteriaId":"1A046309-41A1-420C-ABF3-090AD11C9EBB"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.17.20:*:*:*:*:*:*:*","matchCriteriaId":"198C70C8-EB31-4E54-A690-727518FBCD6C"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.17.21:*:*:*:*:*:*:*","matchCriteriaId":"130E8C0F-0649-4F32-921F-A51EEA4981DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.17.22:*:*:*:*:*:*:*","matchCriteriaId":"8FF133CE-B3D1-48C2-8AC1-938E70820CF3"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.17.23:*:*:*:*:*:*:*","matchCriteriaId":"13C6ED10-12DC-4896-9B8A-E05BAB5B5DEE"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.17.24:*:*:*:*:*:*:*","matchCriteriaId":"32CCB09B-144F-48E0-BB8C-453C15292F7F"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.17.25:*:*:*:*:*:*:*","matchCriteriaId":"781C2E3F-A281-499B-A0AA-404117EAA63D"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2015","CveId":"860","Ordinal":"1","Title":"CVE-2015-0860","CVE":"CVE-2015-0860","Year":"2015"},"notes":[{"CveYear":"2015","CveId":"860","Ordinal":"1","NoteData":"Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an \"old-style\" Debian binary package, which triggers a stack-based buffer overflow.","Type":"Description","Title":"CVE-2015-0860"},{"CveYear":"2015","CveId":"860","Ordinal":"2","NoteData":"2015-12-03","Type":"Other","Title":"Published"},{"CveYear":"2015","CveId":"860","Ordinal":"3","NoteData":"2017-06-30","Type":"Other","Title":"Modified"}]}}}