Advanced Package Tool
CVE-2020-27350
MEDIUM
Severity by source
AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
Lifecycle Timeline
1DescriptionNVD
APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. This issue affects: apt 1.2.32ubuntu0 versions prior to 1.2.32ubuntu0.2; 1.6.12ubuntu0 versions prior to 1.6.12ubuntu0.2; 2.0.2ubuntu0 versions prior to 2.0.2ubuntu0.2; 2.1.10ubuntu0 versions prior to 2.1.10ubuntu0.1;
AnalysisAI
APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Integer Overflow (CWE-190), which allows attackers to cause unexpected behavior through arithmetic overflow. APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. This issue affects: apt 1.2.32ubuntu0 versions prior to 1.2.32ubuntu0.2; 1.6.12ubuntu0 versions prior to 1.6.12ubuntu0.2; 2.0.2ubuntu0 versions prior to 2.0.2ubuntu0.2; 2.1.10ubuntu0 versions prior to 2.1.10ubuntu0.1; Affected products include: Debian Advanced Package Tool, Netapp Solidfire Baseboard Management Controller Firmware. Version information: prior to 1.2.32.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate arithmetic operations, use safe integer libraries, check bounds before allocation.
More in Advanced Package Tool
View allThe apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1
Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to co
APT before 1.0.4 does not properly validate source packages, which allows man-in-the-middle attackers to download and in
The apt-get download command in APT before 1.0.9 does not properly validate signatures for packages, which allows remote
APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote atta
APT before 1.0.9 does not verify downloaded files if they have been modified as indicated using the If-Modified-Since he
Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and earlier allows man-in-the-middle attackers to cau
APT before 1.0.9 does not "invalidate repository data" when moving from an unauthenticated to authenticated state, which
The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mish
apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle
The pkgAcqMetaClearSig::Failed method in apt-pkg/acquire-item.cc in Advanced Package Tool (APT) 0.8.11 through 0.8.15.10
The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the c
Same weakness CWE-190 – Integer Overflow or Wraparound
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today