CVE-2011-1829

CWE-20 — Improper Input Validation6 documents6 sources

Severity

4.3MEDIUM

EPSS

0.1%

top 65.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Advanced Package Tool Canonical Ubuntu Linux

Timeline

PublishedJul 27

Latest updateMay 13

Description

APT before 0.8.15.2 does not properly validate inline GPG signatures, which allows man-in-the-middle attackers to install modified packages via vectors involving lack of an initial clearsigned message.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDdebian/advanced_package_tool< 0.8.15.2

▶Debianapt< 0.8.15.2+3

Also affects: Ubuntu Linux 11.04

Patches

Patch: launchpadlibrarian.net ↗Patch: launchpad.net ↗Patch: launchpadlibrarian.net ↗

🔴Vulnerability Details

GHSA

GHSA-qq54-xq37-2h5v: APT before 0↗2022-05-13

▶

CVEList

CVE-2011-1829: APT before 0↗2011-07-27

▶

OSV

CVE-2011-1829: APT before 0↗2011-07-27

▶

📋Vendor Advisories

Ubuntu

APT vulnerability↗2011-07-13

▶

Debian

CVE-2011-1829: apt - APT before 0.8.15.2 does not properly validate inline GPG signatures, which allo...↗2011

▶