2 results (0.035 seconds)

CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 1

Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files. Una falta de comprobación de entrada en las implementaciones de ar/tar de APT versiones anteriores a 2.1.2, podría resultar en una denegación de servicio al procesar archivos deb especialmente diseñados • https://bugs.launchpad.net/bugs/1878177 https://github.com/Debian/apt/issues/111 https://lists.debian.org/debian-security-announce/2020/msg00089.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U4PEH357MZM2SUGKETMEHMSGQS652QHH https://salsa.debian.org/apt-team/apt/-/commit/dceb1e49e4b8e4dadaf056be34088b415939cda6 https://tracker.debian.org/news/1144109/accepted-apt-212-source-into-unstable https://usn.ubuntu.com/4359-1 https://usn.ubuntu.com/4359-2 • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •

CVSS: 10.0EPSS: 2%CPEs: 180EXPL: 0

apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that has been revoked or expired, which might allow remote attackers to trick apt into installing malicious repositories. apt-get in apt anterior a 0.7.21 no comprueba adecuadamente el error de codigo en gpgv, lo que hace que apt utilice un repositorio firmado con una clave que ha sido revocada o ha caducado, lo que permite a atacantes remotos engañar a apt en la instlacion de repositorios maliciosos. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=433091 http://secunia.com/advisories/34829 http://secunia.com/advisories/34832 http://secunia.com/advisories/34874 http://www.debian.org/security/2009/dsa-1779 http://www.securityfocus.com/bid/34630 https://bugs.launchpad.net/ubuntu/+source/apt/+bug/356012 https://exchange.xforce.ibmcloud.com/vulnerabilities/50086 https://usn.ubuntu.com/762-1 •