CVE-2026-2219
Analyzed Analyzed - Analysis Complete

Infinite Loop DoS in dpkg-deb via Zstd Archive Validation Flaw

Vulnerability report for CVE-2026-2219, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-03-07

Last updated on: 2026-06-02

Assigner: Debian GNU/Linux

Description

It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (infinite loop spinning the CPU).

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-03-07
Last Modified
2026-06-02
Generated
2026-07-06
AI Q&A
2026-03-07
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 3 associated CPEs
Vendor Product Version / Range
debian dpkg From 1.23.0 (inc) to 1.23.6 (exc)
debian dpkg From 1.21.18 (inc) to 1.21.23 (exc)
debian dpkg From 1.22.0 (inc) to 1.22.22 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-835 The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The vulnerability exists in dpkg-deb, a component of the Debian package management system. It fails to properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive. This improper validation can cause the system to enter an infinite loop, spinning the CPU indefinitely.

Impact Analysis

This vulnerability can lead to a denial of service condition by causing the CPU to spin in an infinite loop. This can degrade system performance or make the system unresponsive while processing a specially crafted zstd-compressed .deb archive.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-2219. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart