VIR Vulnerability Intelligence Relay

CVE-2012-2242

medium
Published 2012-10-01 · Modified 2026-04-29
CVSS v3
CVSS v2
6.8
VIR risk
6.8

Description

scripts/dget.pl in devscripts before 2.10.73 allows remote attackers to execute arbitrary commands via a crafted (1) .dsc or (2) .changes file, related to "arguments to external commands" that are not properly escaped, a different vulnerability than CVE-2012-2240.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2012-2242

vendor Authored 2026-05-27

Vendor advisory: security@debian.org — http://secunia.com/advisories/50600

OS impact
OSVersionStatusFixed in
debian debianbookwormfixed2.12.3
debian debianbullseyefixed2.12.3
debian debianforkyfixed2.12.3
debian debiansidfixed2.12.3
debian debiantrixiefixed2.12.3

Application impact
VendorProductVersionsFixed
devscripts_devel_teamdevscripts{"endIncluding":"2.10.72"}
devscripts_devel_teamdevscripts2.10.0
devscripts_devel_teamdevscripts2.10.1
devscripts_devel_teamdevscripts2.10.3
devscripts_devel_teamdevscripts2.10.6
devscripts_devel_teamdevscripts2.10.7
devscripts_devel_teamdevscripts2.10.8
devscripts_devel_teamdevscripts2.10.9
devscripts_devel_teamdevscripts2.10.10
devscripts_devel_teamdevscripts2.10.11
devscripts_devel_teamdevscripts2.10.12
devscripts_devel_teamdevscripts2.10.13
devscripts_devel_teamdevscripts2.10.14
devscripts_devel_teamdevscripts2.10.15
devscripts_devel_teamdevscripts2.10.16
devscripts_devel_teamdevscripts2.10.17
devscripts_devel_teamdevscripts2.10.18
devscripts_devel_teamdevscripts2.10.18.1
devscripts_devel_teamdevscripts2.10.19
devscripts_devel_teamdevscripts2.10.20
devscripts_devel_teamdevscripts2.10.21
devscripts_devel_teamdevscripts2.10.22
devscripts_devel_teamdevscripts2.10.23
devscripts_devel_teamdevscripts2.10.24
devscripts_devel_teamdevscripts2.10.25
devscripts_devel_teamdevscripts2.10.26
devscripts_devel_teamdevscripts2.10.27
devscripts_devel_teamdevscripts2.10.28
devscripts_devel_teamdevscripts2.10.29
devscripts_devel_teamdevscripts2.10.30
devscripts_devel_teamdevscripts2.10.31
devscripts_devel_teamdevscripts2.10.32
devscripts_devel_teamdevscripts2.10.33
devscripts_devel_teamdevscripts2.10.34
devscripts_devel_teamdevscripts2.10.35
devscripts_devel_teamdevscripts2.10.36
devscripts_devel_teamdevscripts2.10.38
devscripts_devel_teamdevscripts2.10.39
devscripts_devel_teamdevscripts2.10.40
devscripts_devel_teamdevscripts2.10.41
devscripts_devel_teamdevscripts2.10.42
devscripts_devel_teamdevscripts2.10.43
devscripts_devel_teamdevscripts2.10.44
devscripts_devel_teamdevscripts2.10.45
devscripts_devel_teamdevscripts2.10.46
devscripts_devel_teamdevscripts2.10.47
devscripts_devel_teamdevscripts2.10.48
devscripts_devel_teamdevscripts2.10.49
devscripts_devel_teamdevscripts2.10.50
devscripts_devel_teamdevscripts2.10.51
devscripts_devel_teamdevscripts2.10.52
devscripts_devel_teamdevscripts2.10.53
devscripts_devel_teamdevscripts2.10.54
devscripts_devel_teamdevscripts2.10.55
devscripts_devel_teamdevscripts2.10.56
devscripts_devel_teamdevscripts2.10.57
devscripts_devel_teamdevscripts2.10.58
devscripts_devel_teamdevscripts2.10.59
devscripts_devel_teamdevscripts2.10.60
devscripts_devel_teamdevscripts2.10.61
devscripts_devel_teamdevscripts2.10.62
devscripts_devel_teamdevscripts2.10.63
devscripts_devel_teamdevscripts2.10.64
devscripts_devel_teamdevscripts2.10.65.1
devscripts_devel_teamdevscripts2.10.66
devscripts_devel_teamdevscripts2.10.67
devscripts_devel_teamdevscripts2.10.68
devscripts_devel_teamdevscripts2.10.69
devscripts_devel_teamdevscripts2.10.70
devscripts_devel_teamdevscripts2.10.71

References

CWEs

CWE-20

Verify integrity in audit chain (admin only). AS-IS.