DevGuard Logo

🛡️ DevGuard
Group
/🧩 DevGuard Action
Repository

Overview
Compliance
Artifacts
Code Risks
Dependency Risks
License Risks
Dependencies

CVE-2025-6297

It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions.

Open
MEDIUM (4.5)
  • logo

    System detected CVE-2025-6297

    0.12.0
  • logo

    System detected CVE-2025-6297

    main
  • logo

    System updated the risk assessment from 0 to 4.45

    0.12.0

    System recalculated raw risk assessment

  • logo

    System updated the risk assessment from 0 to 4.45

    attest

    System recalculated raw risk assessment

  • logo

    System updated the risk assessment from 0 to 4.45

    attesting

    System recalculated raw risk assessment

  • logo

    System fixed CVE-2025-6297

    0.12.0
  • logo

    System fixed CVE-2025-6297

    attesting
  • logo

    System fixed CVE-2025-6297

    attest
  • logo

    System detected CVE-2025-6297 with a risk of 4.45

    0.12.0

Add a comment

Mark as False Positive
Last calculated at:

Affected component

debian/dpkg

Installed version:
1.21.22
Fixed in:
no patch available
Show in dependency graph

Management decisions across the organization

GitHubImprintTerms of UsePrivacy
Copyright © 2025 L3montree GmbH and the DevGuard Contributors. All rights reserved. Version 2ab7b793efd72421aea8c3a994ac60202bf1b3a5