Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-27350

APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. This issue affects: apt 1.2.32ubuntu0 versions prior to 1.2.32ubuntu0.2; 1.6.12ubuntu0 versions prior to 1.6.12ubuntu0.2; 2.0.2ubuntu0 versions prior to 2.0.2ubuntu0.2; 2.1.10ubuntu0 versions prior to 2.1.10ubuntu0.1;

Published

2020-12-10T04:15:11.423

Last Modified

2024-11-21T05:21:02.867

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.7 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

3.9

Impact Score

6.4

Weaknesses
  • Type: Secondary
    CWE-190
  • Type: Primary
    CWE-190
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application debian advanced_package_tool < 1.2.32ubuntu0.2 Yes
Operating System canonical ubuntu_linux 16.04 No
Application debian advanced_package_tool < 1.6.12ubuntu0.2 Yes
Operating System canonical ubuntu_linux 18.04 No
Application debian advanced_package_tool < 2.0.2ubuntu0.2 Yes
Operating System canonical ubuntu_linux 20.04 No
Application debian advanced_package_tool < 2.1.10ubuntu0.2 Yes
Operating System canonical ubuntu_linux 20.10 No
Application debian advanced_package_tool < 1.8.2.2 Yes
Operating System debian debian_linux 10.0 No
Operating System netapp solidfire_baseboard_management_controller_firmware - Yes
Hardware netapp solidfire_baseboard_management_controller - No
References