CVE-2013-1051

CWE-20 — Improper Input Validation6 documents6 sources

Severity

4.3MEDIUM

EPSS

0.1%

top 68.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Canonical Ubuntu Linux Debian Advanced Package Tool Debian APT

Timeline

PublishedMar 21

Latest updateMay 13

Description

apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶Debianapt< 0.9.7.8+3

▶NVDdebian/apt0.9.7

▶NVDdebian/advanced_package_tool0.8.16

Also affects: Ubuntu Linux 11.10, 12.04, 12.10

🔴Vulnerability Details

GHSA

GHSA-pgxw-xqx6-crgv: apt 0↗2022-05-13

▶

CVEList

CVE-2013-1051: apt 0↗2013-03-21

▶

OSV

CVE-2013-1051: apt 0↗2013-03-21

▶

📋Vendor Advisories

Ubuntu

APT vulnerability↗2013-03-14

▶

Debian

CVE-2013-1051: apt - apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InReleas...↗2013

▶