CVE-2025-6297
BaseFortify
Publication date: 2025-07-01
Last updated on: 2025-08-19
Assigner: Debian GNU/Linux
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| debian | dpkg | < 1.22.21 (fixed in 1.22.21) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-732 | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. |
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
AI Powered Q&A
Can you explain this vulnerability to me?
dpkg-deb unpacks the control member of a .deb (the control.tar.* archive) into a temporary directory whenever it inspects a package, and before 1.22.21 it did not sanitize the permissions of the directories that archive creates. A control member that contains a directory with restrictive permissions (for example 0555, no owner write bit) is therefore recreated with those permissions, and the cleanup that follows cannot unlink the files inside it when dpkg-deb runs as a non-root user, so the temporary directory is left behind. Under automated, repeated analysis of .deb packages, an adversarial or highly compressible control member makes these leftovers accumulate until a disk quota or the disk itself is exhausted, a denial-of-service (DoS) condition. [1]
How can this vulnerability impact me? :
The impact is a denial of service through disk or quota exhaustion. Each dpkg-deb run on a crafted package leaves a temporary directory that the non-root analysis user cannot remove, and repeated runs fill the filesystem or quota backing $TMPDIR. Once that happens the system, or at least the affected account, can no longer write new data, which disrupts the analysis pipeline and anything else sharing that storage. The package does not need to be installed; merely inspecting it with dpkg-deb is enough. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection has two parts: confirming that a vulnerable dpkg is installed, and looking for the leftover directories the bug produces. Note that the restrictive permissions (e.g., 0555) come from inside the package's control member, not from the directory you run dpkg-deb in, so checking your own working directory's mode tells you nothing. dpkg-deb creates its temporary directory under $TMPDIR (default /tmp) with a name of the form dpkg-deb.XXXXXX, so leftovers show up there. Suggested commands: 1) Check the installed version: `dpkg-query -W -f='${Version}\n' dpkg` and compare with `dpkg --compare-versions "$(dpkg-query -W -f='${Version}' dpkg)" lt 1.22.21 && echo vulnerable` 2) List leftover extraction directories: `find "${TMPDIR:-/tmp}" -maxdepth 1 -type d -name 'dpkg-deb.*'` 3) Find the non-writable directories inside them that block cleanup: `find "${TMPDIR:-/tmp}" -path '*/dpkg-deb.*' -type d ! -perm -u=w` 4) Watch for repeated or automated dpkg-deb executions on untrusted packages via process accounting or auditd, and track free space under $TMPDIR with `df`. No specific detection commands are provided in the referenced resources; the above follow from the mechanism of the bug. [1]
What immediate steps should I take to mitigate this vulnerability?
Update dpkg to 1.22.21 or later, which sanitizes directory permissions during control member extraction so that cleanup no longer leaves files behind. Until the update is applied, avoid running dpkg-deb on untrusted .deb packages as part of automated or repeated processing. Because the restrictive permissions originate inside the package, changing the mode of your own extraction directory does not prevent the leftovers; what does help is to run the analysis with a dedicated $TMPDIR on a filesystem with a quota or a size-limited tmpfs, so exhaustion cannot spill onto the rest of the system, and to purge that directory periodically with `chmod -R u+rwx "$TMPDIR"/dpkg-deb.* ; rm -rf "$TMPDIR"/dpkg-deb.*` (restoring the owner write bit first is what lets a non-root user delete the contents). [1]
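The following Python script is an added example, not dpkg's code, that ties together the three answers above: it constructs a control member whose only oddity is a directory with mode 0555, extracts it the way a tar extractor does (directory modes applied last), shows that a non-root `rm -rf` leaves the temporary directory behind, runs the detection sweep for such leftovers, and applies the "restore owner write bit, then remove" cleanup. The sanitizing extractor forces owner rwx on directories, which is the kind of fix-up the patched dpkg-deb performs; the exact dpkg implementation is not reproduced here. The `dpkg-deb.` prefix mirrors dpkg-deb's temporary directory template and is an assumption; all file and package names are constructed.

```python
import io
import os
import shutil
import stat
import tarfile
import tempfile

# Assumed naming of dpkg-deb's mkdtemp() directory under $TMPDIR.
TMP_PREFIX = "dpkg-deb."


def build_control_member() -> bytes:
    """Constructed control.tar.gz: a normal 'control' file plus a directory
    whose recorded mode is 0555 (no owner write bit) with one file inside."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        control = b"Package: demo\nVersion: 0\nArchitecture: all\n"
        info = tarfile.TarInfo("./control")
        info.size, info.mode = len(control), 0o644
        tar.addfile(info, io.BytesIO(control))

        locked = tarfile.TarInfo("./locked")
        locked.type, locked.mode = tarfile.DIRTYPE, 0o555
        tar.addfile(locked)

        leftover = tarfile.TarInfo("./locked/leftover")
        leftover.size, leftover.mode = 1, 0o444
        tar.addfile(leftover, io.BytesIO(b"x"))
    return buf.getvalue()


def extract_control(member: bytes, dest: str, *, sanitize: bool) -> None:
    """Minimal tar-style extractor: files get their mode immediately,
    directory modes are applied last so the contents can be written first.
    sanitize=True forces owner rwx on every directory (the hardened variant)."""
    dir_modes = []
    with tarfile.open(fileobj=io.BytesIO(member), mode="r:gz") as tar:
        for m in tar:
            rel = os.path.normpath(m.name)
            if rel.startswith(("/", "..")):
                raise ValueError(f"refusing path traversal: {m.name}")
            target = os.path.join(dest, rel)
            if m.isdir():
                os.makedirs(target, exist_ok=True)
                dir_modes.append((target, (m.mode | 0o700) if sanitize else m.mode))
            elif m.isfile():
                with open(target, "wb") as out:
                    out.write(tar.extractfile(m).read())
                os.chmod(target, m.mode)
    for target, mode in reversed(dir_modes):
        os.chmod(target, mode & 0o7777)


def naive_cleanup(path: str) -> bool:
    """What 'rm -rf' achieves as a non-root user; True if fully removed."""
    shutil.rmtree(path, ignore_errors=True)
    return not os.path.exists(path)


def forced_cleanup(path: str) -> bool:
    """Restore owner rwx on every directory first (chmod -R u+rwx), then remove."""
    for root, _dirs, _files in os.walk(path):
        os.chmod(root, stat.S_IMODE(os.lstat(root).st_mode) | 0o700)
    return naive_cleanup(path)


def find_leftovers(tmpdir: str) -> list[str]:
    """Detection sweep: extraction directories still present under tmpdir
    that contain a directory without the owner write bit."""
    found = []
    for entry in os.scandir(tmpdir):
        if not (entry.is_dir(follow_symlinks=False) and entry.name.startswith(TMP_PREFIX)):
            continue
        for root, _dirs, _files in os.walk(entry.path):
            if not stat.S_IMODE(os.lstat(root).st_mode) & stat.S_IWUSR:
                found.append(entry.path)
                break
    return found


def demo() -> dict:
    """Run the vulnerable and sanitized extractors in a scratch TMPDIR and
    report what cleanup leaves behind (root bypasses the permission check)."""
    member = build_control_member()
    results = {"is_root": hasattr(os, "geteuid") and os.geteuid() == 0}
    with tempfile.TemporaryDirectory() as tmpdir:
        vuln = tempfile.mkdtemp(prefix=TMP_PREFIX, dir=tmpdir)
        extract_control(member, vuln, sanitize=False)     # honours the 0555 mode
        results["naive_removed"] = naive_cleanup(vuln)
        results["leftovers_after_naive"] = len(find_leftovers(tmpdir))
        results["forced_removed"] = forced_cleanup(vuln) if os.path.exists(vuln) else True

        fixed = tempfile.mkdtemp(prefix=TMP_PREFIX, dir=tmpdir)
        extract_control(member, fixed, sanitize=True)     # owner rwx forced on dirs
        results["fixed_removed"] = naive_cleanup(fixed)
        results["leftovers_at_end"] = len(find_leftovers(tmpdir))
    return results


if __name__ == "__main__":
    print(demo())
```

Run it as an unprivileged user to see the leftover: `naive_removed` is False and the sweep reports one directory, while the forced cleanup and the sanitized extractor both leave nothing behind. As root the naive cleanup succeeds because CAP_DAC_OVERRIDE ignores the directory mode, which is why the bug only bites unprivileged analysis pipelines.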