CVE-2020-27351
Various memory and file descriptor leaks in apt-python
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Various memory and file descriptor leaks were found in apt-python files python/arfile.cc, python/tag.cc, python/tarfile.cc, aka GHSL-2020-170. This issue affects: python-apt 1.1.0~beta1 versions prior to 1.1.0~beta1ubuntu0.16.04.10; 1.6.5ubuntu0 versions prior to 1.6.5ubuntu0.4; 2.0.0ubuntu0 versions prior to 2.0.0ubuntu0.20.04.2; 2.1.3ubuntu1 versions prior to 2.1.3ubuntu1.1;
Se encontraron varios filtrados de memoria y descriptores de archivos en los archivos python/arfile.cc, python/tag.cc, python/tarfile.cc, tambiĆ©n se conoce como GHSL-2020-170. Este problema afecta a: python-apt versiones 1.1.0~beta1 anteriores a 1.1.0~beta1ubuntu0.16.04.10; versiones 1.6.5ubuntu0 anteriores a 1.6.5ubuntu0.4; versiones 2.0.0ubuntu0 anteriores a 2.0.0ubuntu0.20.04.2; versiones 2.1.3ubuntu1 anteriores a 2.1.3ubuntu1.1;
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-10-20 CVE Reserved
- 2020-12-10 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-772: Missing Release of Resource after Effective Lifetime
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
https://bugs.launchpad.net/bugs/1899193 | Broken Link |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://usn.ubuntu.com/usn/usn-4668-1 | 2020-12-14 | |
https://www.debian.org/security/2020/dsa-4809 | 2020-12-14 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | >= 1.1.0\~beta1 < 1.1.0\~beta1ubuntu0.16.04.10 Search vendor "Debian" for product "Advanced Package Tool" and version " >= 1.1.0\~beta1 < 1.1.0\~beta1ubuntu0.16.04.10" | - |
Affected
| in | Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Safe
|
Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | >= 1.6.5ubuntu0 < 1.6.5ubuntu0.4 Search vendor "Debian" for product "Advanced Package Tool" and version " >= 1.6.5ubuntu0 < 1.6.5ubuntu0.4" | - |
Affected
| in | Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Safe
|
Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | >= 2.0.0ubuntu0 < 2.0.0ubuntu0.20.04.2 Search vendor "Debian" for product "Advanced Package Tool" and version " >= 2.0.0ubuntu0 < 2.0.0ubuntu0.20.04.2" | - |
Affected
| in | Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 20.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "20.04" | lts |
Safe
|
Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | >= 2.1.3ubuntu1 < 2.1.30ubuntu1.1 Search vendor "Debian" for product "Advanced Package Tool" and version " >= 2.1.3ubuntu1 < 2.1.30ubuntu1.1" | - |
Affected
| in | Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 20.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "20.10" | - |
Safe
|
Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | < 1.8.4.2 Search vendor "Debian" for product "Advanced Package Tool" and version " < 1.8.4.2" | - |
Affected
| in | Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Safe
|