Lucene search

K

DebianCVELIST:CVE-2020-3810

HistoryMay 15, 2020 - 1:42 p.m.

CVE-2020-3810

2020-05-1513:42:05

debian

www.cve.org

5

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

48.1%

Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files.

CNA Affected

[
  {
    "product": "apt",
    "vendor": "Debian",
    "versions": [
      {
        "status": "affected",
        "version": "before 2.1.2"
      }
    ]
  }
]

References

bugs.launchpad.net/bugs/1878177

github.com/Debian/apt/issues/111

lists.debian.org/debian-security-announce/2020/msg00089.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U4PEH357MZM2SUGKETMEHMSGQS652QHH/

salsa.debian.org/apt-team/apt/-/commit/dceb1e49e4b8e4dadaf056be34088b415939cda6

tracker.debian.org/news/1144109/accepted-apt-212-source-into-unstable/

usn.ubuntu.com/4359-1/

usn.ubuntu.com/4359-2/

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

48.1%

Related for CVELIST:CVE-2020-3810

debian3 nessus4 openvas5 ubuntu2 ubuntucve1 nvd1 fedora1 prion1 debiancve1 cloudfoundry1 osv3 cve1