CVE-2009-1300

CWE-20Improper Input Validation6 documents6 sources
Severity
10.0CRITICAL
EPSS
1.0%
top 22.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Debian Advanced Package Tool
Timeline
PublishedApr 16
Latest updateMay 2

Description

apt 0.7.20 does not check when the date command returns an "invalid date" error, which can prevent apt from loading security updates in time zones for which DST occurs at midnight.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

Debianapt< 0.7.21+3

🔴Vulnerability Details

3
GHSA
GHSA-3cfj-r393-3gq3: apt 02022-05-02
OSV
CVE-2009-1300: apt 02009-04-16
CVEList
CVE-2009-1300: apt 02009-04-16

📋Vendor Advisories

2
Ubuntu
APT vulnerabilities2009-04-20
Debian
CVE-2009-1300: apt - apt 0.7.20 does not check when the date command returns an "invalid date" error,...2009
CVE-2009-1300 (CRITICAL CVSS 10) | apt 0.7.20 does not check when the | cvebase.io