CVE-2015-0860

EPSS 4.91% · P90 Updated Feb 21, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2015-0860

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which triggers a stack-based buffer overflow.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Debian dpkg 差一错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Debian dpkg是美国软件开发者伊恩-默多克（Ian Murdock）所研发的一款Debian软件包管理器。 Debian dpkg 1.16.17之前1.16.x版本和1.17.26之前1.17.x版本的dpkg-deb/extract.c文件中的‘extracthalf’函数存在差一错误漏洞。远程攻击者可借助‘old-style’Debian二进制数据包中的archive magic版本号利用该漏洞执行任意代码。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2015-0860

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2015-0860

请登录查看更多情报信息。

https://anonscm.debian.org/cgit/dpkg/dpkg.git/commit/dpkg-deb/extract.c?id=e65aa3db04eb908c9507d5d356a95cedb890814dx_refsource_CONFIRM
https://blog.fuzzing-project.org/30-Stack-overflows-and-out-of-bounds-read-in-dpkg-Debian.htmlx_refsource_MISC
http://www.debian.org/security/2015/dsa-3407vendor-advisoryx_refsource_DEBIAN
USN-2820-1: dpkg vulnerability | Ubuntu security notices | Ubuntuvendor-advisoryx_refsource_UBUNTU
https://security.gentoo.org/glsa/201612-07vendor-advisoryx_refsource_GENTOO
https://nvd.nist.gov/vuln/detail/CVE-2015-0860

Same Patch Batch · n/a · 2015-12-03 · 8 CVEs total

CVE-2015-0859		Debian wheezy和jessie 任意代码执行漏洞
CVE-2015-5245		Red Hat Ceph 安全漏洞
CVE-2015-8076		Cyrus IMAP 安全漏洞
CVE-2015-8077		Cyrus IMAP 数字错误漏洞
CVE-2015-8078		Cyrus IMAP 数字错误漏洞
CVE-2015-6383		Cisco ASR 1000 IOS XE 权限许可和访问控制漏洞
CVE-2015-6390		Cisco Unity Connection 跨站脚本漏洞

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2015-0860

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2015-0860

I. Basic Information for CVE-2015-0860

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2015-0860

III. Intelligence Information for CVE-2015-0860

Same Patch Batch · n/a · 2015-12-03 · 8 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2015-0860

Leave a comment