CVE-2020-27350
apt integer wraparound
Public Exploits: 0
Exploited in Wild: -
Descriptions
APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 and GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. This issue affects: apt 1.2.32ubuntu0 versions prior to 1.2.32ubuntu0.2; 1.6.12ubuntu0 versions prior to 1.6.12ubuntu0.2; 2.0.2ubuntu0 versions prior to 2.0.2ubuntu0.2; 2.1.10ubuntu0 versions prior to 2.1.10ubuntu0.1.
Timeline
- 2020-10-20 CVE Reserved
- 2020-12-10 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-17 CVE Updated
CWE
- CWE-190: Integer Overflow or Wraparound
References (4)
URL | Tag | Source |
---|---|---|
https://bugs.launchpad.net/bugs/1899193 | Broken Link | |
https://security.netapp.com/advisory/ntap-20210108-0005 | Third Party Advisory | |

URL | Date | SRC |
---|---|---|
https://usn.ubuntu.com/usn/usn-4667-1 | 2022-10-29 | |
https://www.debian.org/security/2020/dsa-4808 | 2022-10-29 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Debian | Advanced Package Tool | >= 1.2.32ubuntu0 < 1.2.32ubuntu0.2 | - | Affected | in | Canonical | Ubuntu Linux | 16.04 | lts | Safe |
Debian | Advanced Package Tool | >= 1.6.12ubuntu0 < 1.6.12ubuntu0.2 | - | Affected | in | Canonical | Ubuntu Linux | 18.04 | lts | Safe |
Debian | Advanced Package Tool | >= 2.0.2ubuntu0 < 2.0.2ubuntu0.2 | - | Affected | in | Canonical | Ubuntu Linux | 20.04 | lts | Safe |
Debian | Advanced Package Tool | >= 2.1.10ubuntu0 < 2.1.10ubuntu0.2 | - | Affected | in | Canonical | Ubuntu Linux | 20.10 | - | Safe |
Debian | Advanced Package Tool | < 1.8.2.2 | - | Affected | in | Debian | Debian Linux | 10.0 | - | Safe |
Netapp | Solidfire Baseboard Management Controller Firmware | - | - | Affected | in | Netapp | Solidfire Baseboard Management Controller | - | - | Safe |