CVE-2012-0211
critical
CVSS v3
โ
CVSS v4 NEW
โ
VIR risk
9.3
Description
debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via a crafted tarball file name in the top-level directory of an original (.orig) source tarball of a source package.
Predictions
Exploit likelihood
20%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | bookworm | fixed | 2.11.4 |
| debian | bullseye | fixed | 2.11.4 |
| debian | forky | fixed | 2.11.4 |
| debian | sid | fixed | 2.11.4 |
| debian | trixie | fixed | 2.11.4 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| devscripts_devel_team | devscripts | 2.10.0 | |
| devscripts_devel_team | devscripts | 2.10.1 | |
| devscripts_devel_team | devscripts | 2.10.3 | |
| devscripts_devel_team | devscripts | 2.10.6 | |
| devscripts_devel_team | devscripts | 2.10.7 | |
| devscripts_devel_team | devscripts | 2.10.8 | |
| devscripts_devel_team | devscripts | 2.10.9 | |
| devscripts_devel_team | devscripts | 2.10.10 | |
| devscripts_devel_team | devscripts | 2.10.11 | |
| devscripts_devel_team | devscripts | 2.10.12 | |
| devscripts_devel_team | devscripts | 2.10.13 | |
| devscripts_devel_team | devscripts | 2.10.14 | |
| devscripts_devel_team | devscripts | 2.10.15 | |
| devscripts_devel_team | devscripts | 2.10.16 | |
| devscripts_devel_team | devscripts | 2.10.17 | |
| devscripts_devel_team | devscripts | 2.10.18 | |
| devscripts_devel_team | devscripts | 2.10.18.1 | |
| devscripts_devel_team | devscripts | 2.10.19 | |
| devscripts_devel_team | devscripts | 2.10.20 | |
| devscripts_devel_team | devscripts | 2.10.21 | |
| devscripts_devel_team | devscripts | 2.10.22 | |
| devscripts_devel_team | devscripts | 2.10.23 | |
| devscripts_devel_team | devscripts | 2.10.24 | |
| devscripts_devel_team | devscripts | 2.10.25 | |
| devscripts_devel_team | devscripts | 2.10.26 | |
| devscripts_devel_team | devscripts | 2.10.27 | |
| devscripts_devel_team | devscripts | 2.10.28 | |
| devscripts_devel_team | devscripts | 2.10.29 | |
| devscripts_devel_team | devscripts | 2.10.30 | |
| devscripts_devel_team | devscripts | 2.10.31 | |
| devscripts_devel_team | devscripts | 2.10.32 | |
| devscripts_devel_team | devscripts | 2.10.33 | |
| devscripts_devel_team | devscripts | 2.10.34 | |
| devscripts_devel_team | devscripts | 2.10.35 | |
| devscripts_devel_team | devscripts | 2.10.36 | |
| devscripts_devel_team | devscripts | 2.10.38 | |
| devscripts_devel_team | devscripts | 2.10.39 | |
| devscripts_devel_team | devscripts | 2.10.40 | |
| devscripts_devel_team | devscripts | 2.10.41 | |
| devscripts_devel_team | devscripts | 2.10.42 | |
| devscripts_devel_team | devscripts | 2.10.43 | |
| devscripts_devel_team | devscripts | 2.10.44 | |
| devscripts_devel_team | devscripts | 2.10.45 | |
| devscripts_devel_team | devscripts | 2.10.46 | |
| devscripts_devel_team | devscripts | 2.10.47 | |
| devscripts_devel_team | devscripts | 2.10.48 | |
| devscripts_devel_team | devscripts | 2.10.49 | |
| devscripts_devel_team | devscripts | 2.10.50 | |
| devscripts_devel_team | devscripts | 2.10.51 | |
| devscripts_devel_team | devscripts | 2.10.52 | |
| devscripts_devel_team | devscripts | 2.10.53 | |
| devscripts_devel_team | devscripts | 2.10.54 | |
| devscripts_devel_team | devscripts | 2.10.55 | |
| devscripts_devel_team | devscripts | 2.10.56 | |
| devscripts_devel_team | devscripts | 2.10.57 | |
| devscripts_devel_team | devscripts | 2.10.58 | |
| devscripts_devel_team | devscripts | 2.10.59 | |
| devscripts_devel_team | devscripts | 2.10.60 | |
| devscripts_devel_team | devscripts | 2.10.61 | |
| devscripts_devel_team | devscripts | 2.10.62 | |
| devscripts_devel_team | devscripts | 2.10.63 | |
| devscripts_devel_team | devscripts | 2.10.64 | |
| devscripts_devel_team | devscripts | 2.10.65.1 | |
| devscripts_devel_team | devscripts | 2.10.66 | |
| devscripts_devel_team | devscripts | 2.10.67 | |
| devscripts_devel_team | devscripts | 2.10.68 | |
| devscripts_devel_team | devscripts | 2.11.0 | |
| devscripts_devel_team | devscripts | 2.11.1 | |
| devscripts_devel_team | devscripts | 2.11.2 | |
| devscripts_devel_team | devscripts | 2.11.3 | |
References
- http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git%3Ba=commitdiff%3Bh=87f88232eb643f0c118c6ba38db8e966915b450f
- http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git%3Ba=commitdiff%3Bh=9cbe605d3eab4f9e67525f69b676c55b273b7a03
- http://secunia.com/advisories/47955
- http://secunia.com/advisories/48039
- http://ubuntu.com/usn/usn-1366-1
- http://www.debian.org/security/2012/dsa-2409
- http://www.osvdb.org/79320
- http://www.securityfocus.com/bid/52029
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73216
- https://security-tracker.debian.org/tracker/CVE-2012-0211
CWEs
CWE-20
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.