Lucene search

[email protected]NVD:CVE-2020-27350

HistoryDec 10, 2020 - 4:15 a.m.

CVE-2020-27350

2020-12-1004:15:11

CWE-190

[email protected]

web.nvd.nist.gov

apt

integer overflows

.deb package

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

5.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

17.6%

JSON

APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. This issue affects: apt 1.2.32ubuntu0 versions prior to 1.2.32ubuntu0.2; 1.6.12ubuntu0 versions prior to 1.6.12ubuntu0.2; 2.0.2ubuntu0 versions prior to 2.0.2ubuntu0.2; 2.1.10ubuntu0 versions prior to 2.1.10ubuntu0.1;

Affected configurations

Nvd

Node

debianadvanced_package_toolRange1.2.32ubuntu0–1.2.32ubuntu0.2

AND

canonicalubuntu_linuxMatch16.04lts

Node

debianadvanced_package_toolRange1.6.12ubuntu0–1.6.12ubuntu0.2

AND

canonicalubuntu_linuxMatch18.04lts

Node

debianadvanced_package_toolRange2.0.2ubuntu0–2.0.2ubuntu0.2

AND

canonicalubuntu_linuxMatch20.04lts

Node

debianadvanced_package_toolRange2.1.10ubuntu0–2.1.10ubuntu0.2

AND

canonicalubuntu_linuxMatch20.10

Node

debianadvanced_package_toolRange<1.8.2.2

AND

debiandebian_linuxMatch10.0

Node

netappsolidfire_baseboard_management_controller_firmwareMatch-

AND

netappsolidfire_baseboard_management_controllerMatch-

VendorProductVersionCPE
debianadvanced_package_tool*cpe:2.3:a:debian:advanced_package_tool:*:*:*:*:*:*:*:*
canonicalubuntu_linux16.04cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
canonicalubuntu_linux18.04cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
canonicalubuntu_linux20.04cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
canonicalubuntu_linux20.10cpe:2.3:o:canonical:ubuntu_linux:20.10:*:*:*:*:*:*:*
debiandebian_linux10.0cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
netappsolidfire_baseboard_management_controller_firmware-cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*
netappsolidfire_baseboard_management_controller-cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
debian	advanced_package_tool	*	cpe:2.3:a:debian:advanced_package_tool::::::::
canonical	ubuntu_linux	16.04	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
canonical	ubuntu_linux	18.04	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
canonical	ubuntu_linux	20.04	cpe:2.3:o:canonical:ubuntu_linux:20.04::::lts:::
canonical	ubuntu_linux	20.10	cpe:2.3:o:canonical:ubuntu_linux:20.10:::::::*
debian	debian_linux	10.0	cpe:2.3:o:debian:debian_linux:10.0:::::::*
netapp	solidfire_baseboard_management_controller_firmware	-	cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:::::::*
netapp	solidfire_baseboard_management_controller	-	cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:::::::*