Debian devscripts 'uscan' Input Validation Vulnerability

Medium Nessus Network Monitor Plugin ID 5175


The remote host is vulnerable to a remote code execution attack.


The remote host is running a version of devscripts uscan that is potentially affected by a code execution vulnerability. The application runs Perl code downloaded from potentially untrusted sources to implement its URL and version mangling functionality. An attacker could exploit this flaw to execute arbitrary code on the remote host.


Upgrade to devscripts uscan 2.9.6 / 2.10.35

Plugin Details

Severity: Medium

ID: 5175

Family: Web Clients

Published: 2009/09/15

Modified: 2018/09/16

Dependencies: 1735, 8314

Risk Information

Risk Factor: Medium


CVSS v2

Base Score: 5.1

Temporal Score: 5

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C


CVSS v3

Base Score: 5.6

Temporal Score: 4.9


Temporal Vector: CVSS3#E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:debian:debian_linux

Patch Publication Date: 2009/09/11

Vulnerability Publication Date: 2009/09/11

Reference Information

CVE: CVE-2009-2946

BID: 36227