CVE-2026-2219

{"id": "CVE-2026-2219", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2026-03-07T09:16:07.823", "references": [{"url": "https://bugs.debian.org/1129722", "tags": ["Issue Tracking", "Mailing List"], "source": "security@debian.org"}, {"url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=6610297a62c0780dd0e80b0e302ef64fdcc9d313", "tags": ["Patch"], "source": "security@debian.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-835"}]}], "descriptions": [{"lang": "en", "value": "It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (infinite loop spinning the CPU)."}, {"lang": "es", "value": "Se descubri\u00f3 que dpkg-deb (un componente de dpkg, el sistema de gesti\u00f3n de paquetes de Debian) no valida correctamente el final del flujo de datos al descomprimir un archivo .deb comprimido con zstd, lo que puede resultar en denegaci\u00f3n de servicio (bucle infinito que consume la CPU)."}], "lastModified": "2026-06-02T19:12:25.850", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:debian:dpkg:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A268C989-1F46-4E99-B78A-BE27F95A319E", "versionEndExcluding": "1.21.23", "versionStartIncluding": "1.21.18"}, {"criteria": "cpe:2.3:a:debian:dpkg:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D775719-5B8C-4CDA-ABAA-1CA570EE3E75", "versionEndExcluding": "1.22.22", "versionStartIncluding": "1.22.0"}, {"criteria": "cpe:2.3:a:debian:dpkg:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B98E9E45-D48E-4B0F-B721-EBB9C862AC4D", "versionEndExcluding": "1.23.6", "versionStartIncluding": "1.23.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@debian.org"}