CVE-2026-2219
Status: Analyzed (analysis complete)
Infinite Loop DoS in dpkg-deb via Zstd Archive Validation Flaw

Publication date: 2026-03-07

Last updated on: 2026-06-02

Assigner: Debian GNU/Linux

Description
It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (infinite loop spinning the CPU).
Meta Information
Published: 2026-03-07
Last Modified: 2026-06-02
Generated: 2026-06-16
AI Q&A: 2026-03-07
EPSS Evaluated: 2026-06-15
Sources: NVD, EUVD
Affected Vendors & Products (3 associated CPEs)
Vendor | Product | Version range
debian | dpkg | from 1.23.0 (inclusive) to 1.23.6 (exclusive)
debian | dpkg | from 1.21.18 (inclusive) to 1.21.23 (exclusive)
debian | dpkg | from 1.22.0 (inclusive) to 1.22.22 (exclusive)
CWE ID: CWE-835
Description: The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Executive Summary

The vulnerability exists in dpkg-deb, a component of the Debian package management system. It fails to properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive. Because of this missing check, dpkg-deb can enter an infinite loop and spin the CPU indefinitely.

Impact Analysis

This vulnerability can lead to a denial of service condition: dpkg-deb spins a CPU core in an infinite loop, which degrades system performance or makes the system unresponsive while it processes a specially crafted zstd-compressed .deb archive.
