CVSS Score v3.1
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.0074
73.4th percentile
Risk Priority
20
60% EPSS · 20% KEV · 20% CVSS
Summary
CVE-2022-1664 is a critical-severity Path Traversal (CWE-22) vulnerability in Debian Dpkg. Its CVSS base score is 9.8 (Critical).
Operationally, it is ranked in the top 26.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Vulnerability details
Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs.
CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
debian / dpkg: 1.14.17 — 1.18.26 · 1.19.0 — 1.19.8 · 1.20.0 — 1.20.10
debian / debian linux: 10.0, 11.0, 9.0
netapp / ontap select deploy administration utility: all versions
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Validates pathnames and filenames to prevent traversal outside intended directories.