{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-2219","assignerOrgId":"79363d38-fa19-49d1-9214-5f28da3f3ac5","state":"PUBLISHED","assignerShortName":"debian","dateReserved":"2026-02-08T15:48:51.824Z","datePublished":"2026-03-07T08:10:53.207Z","dateUpdated":"2026-03-09T14:52:18.435Z"},"containers":{"cna":{"providerMetadata":{"orgId":"79363d38-fa19-49d1-9214-5f28da3f3ac5","shortName":"debian","dateUpdated":"2026-03-07T10:02:03.145Z"},"affected":[{"vendor":"Debian","product":"dpkg","versions":[{"status":"affected","version":"1.21.18","lessThan":"1.23.6","versionType":"semver"}],"defaultStatus":"affected"}],"descriptions":[{"lang":"en","value":"It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (infinite loop spinning the CPU).","supportingMedia":[{"type":"text/html","base64":false,"value":"<p>It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (infinite loop spinning the CPU).</p>"}]}],"references":[{"url":"https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=6610297a62c0780dd0e80b0e302ef64fdcc9d313","tags":["patch"]},{"url":"https://bugs.debian.org/1129722","tags":["issue-tracking"]}],"credits":[{"lang":"en","value":"Yashashree Gund","type":"reporter"}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-835","lang":"en","description":"CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":7.5,"attackVector":"NETWORK","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"NONE","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"timestamp":"2026-03-09T14:52:13.047553Z","id":"CVE-2026-2219","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-03-09T14:52:18.435Z"}}]}}