Input Validation Flaw in APT Affects Debian and Ubuntu Software Package Management
CVE-2020-3810

5.5MEDIUM

Key Information:

Vendor
Debian
Status
Apt
Vendor
CVE Published:
15 May 2020

Summary

A vulnerability exists in the APT package management system due to missing input validation in its ar/tar implementations. This flaw allows attackers to craft specially designed deb files that can trigger a denial of service condition when processed by systems using affected versions of APT before 2.1.2. This could lead to unexpected application behavior or crash, impacting the stability of package management operations on Debian and Ubuntu systems.

Affected Version(s)

apt before 2.1.2

References

https://github.com/Debian/apt/issues/111
x_refsource_MISC
https://bugs.launchpad.net/bugs/1878177
x_refsource_MISC
https://salsa.debian.org/apt-team/apt/-/commit/dceb1e49e4...
x_refsource_MISC

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.