Input Validation Flaw in APT Affects Debian and Ubuntu Software Package Management
CVE-2020-3810

5.5MEDIUM

Key Information:

Vendor

Debian
Status
Apt
Vendor
CVE Published:
15 May 2020

What is CVE-2020-3810?

A vulnerability exists in the APT package management system due to missing input validation in its ar/tar implementations. This flaw allows attackers to craft specially designed deb files that can trigger a denial of service condition when processed by systems using affected versions of APT before 2.1.2. This could lead to unexpected application behavior or crash, impacting the stability of package management operations on Debian and Ubuntu systems.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

apt before 2.1.2

References

https://github.com/Debian/apt/issues/111
x_refsource_MISC
https://bugs.launchpad.net/bugs/1878177
x_refsource_MISC
https://salsa.debian.org/apt-team/apt/-/commit/dceb1e49e4...
x_refsource_MISC

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.