Various memory and file descriptor leaks in apt-python
CVE-2020-27351
2LOW
Summary
Various memory and file descriptor leaks were found in apt-python files python/arfile.cc, python/tag.cc, python/tarfile.cc, aka GHSL-2020-170. This issue affects: python-apt 1.1.0~beta1 versions prior to 1.1.0~beta1ubuntu0.16.04.10; 1.6.5ubuntu0 versions prior to 1.6.5ubuntu0.4; 2.0.0ubuntu0 versions prior to 2.0.0ubuntu0.20.04.2; 2.1.3ubuntu1 versions prior to 2.1.3ubuntu1.1;
Affected Version(s)
python-apt 1.1.0~beta1 < 1.1.0~beta1ubuntu0.16.04.10
python-apt 1.6.5ubuntu0 < 1.6.5ubuntu0.4
python-apt 2.0.0ubuntu0 < 2.0.0ubuntu0.20.04.2
References
CVSS V3.1
Score:
2
Severity:
LOW
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Kevin Backhouse