CVE-2009-1358
published 2009-04-21CVE-2009-1358: apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed…
critical10CVSS 3.1
AVNACLAuNCCICAC
apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that has been revoked or expired, which might allow remote attackers to trick apt into installing malicious repositories.
Affected
170 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | advanced_package_tool | <= 0.7.20 | — |
| debian | advanced_package_tool | — | — |
| debian | advanced_package_tool | — | — |
| debian | advanced_package_tool | — | — |
| debian | advanced_package_tool | — | — |
| debian | advanced_package_tool | — | — |
| debian | advanced_package_tool | — | — |
| debian | advanced_package_tool | — | — |
| debian | advanced_package_tool | — | — |
| debian | advanced_package_tool | — | — |
| debian | advanced_package_tool | — | — |
| debian | advanced_package_tool | — | — |
| debian | advanced_package_tool | — | — |
| debian | advanced_package_tool | — | — |
| debian | advanced_package_tool | — | — |
| debian | advanced_package_tool | — | — |
| debian | advanced_package_tool | — | — |
| debian | advanced_package_tool | — | — |
| debian | apt | < apt 0.7.21 (bookworm) | apt 0.7.21 (bookworm) |
| debian | apt | — | — |
| debian | apt | — | — |
| debian | apt | — | — |
| debian | apt | — | — |
| debian | apt | — | — |
| debian | apt | — | — |
CVSS provenance
nvd10.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
osv10.0CRITICAL