{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-6297","assignerOrgId":"79363d38-fa19-49d1-9214-5f28da3f3ac5","state":"PUBLISHED","assignerShortName":"debian","dateReserved":"2025-06-19T07:40:18.350Z","datePublished":"2025-07-01T16:16:54.624Z","dateUpdated":"2025-07-01T17:30:37.332Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"dpkg","vendor":"Debian","versions":[{"lessThan":"ed6bbd445dd8800308c67236ba35d08004c98e82","status":"affected","version":"0","versionType":"custom"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is\ndocumented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on\nadversarial .deb packages or with well compressible files, placed\ninside a directory with permissions not allowing removal by a non-root\nuser, this can end up in a DoS scenario due to causing disk quota\nexhaustion or disk full conditions.<br>"}],"value":"It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is\ndocumented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on\nadversarial .deb packages or with well compressible files, placed\ninside a directory with permissions not allowing removal by a non-root\nuser, this can end up in a DoS scenario due to causing disk quota\nexhaustion or disk full conditions."}],"providerMetadata":{"orgId":"79363d38-fa19-49d1-9214-5f28da3f3ac5","shortName":"debian","dateUpdated":"2025-07-01T17:21:05.050Z"},"references":[{"url":"https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=ed6bbd445dd8800308c67236ba35d08004c98e82"}],"source":{"discovery":"UNKNOWN"},"title":"dpkg-deb: Fix cleanup for control member with restricted directories","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-732","lang":"en","description":"CWE-732 Incorrect Permission Assignment for Critical Resource"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-400","lang":"en","description":"CWE-400 Uncontrolled Resource Consumption"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":8.2,"attackVector":"NETWORK","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","integrityImpact":"LOW","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"NONE","privilegesRequired":"NONE","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-07-01T17:30:21.146019Z","id":"CVE-2025-6297","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-07-01T17:30:37.332Z"}}]}}