cbcvebase.
CVE-2014-0478
published 2014-06-17

CVE-2014-0478: APT before 1.0.4 does not properly validate source packages, which allows man-in-the-middle attackers to download and install Trojan horse packages by removing…

medium4CVSS 3.1
AVNACHAuNCNIPAP
APT before 1.0.4 does not properly validate source packages, which allows man-in-the-middle attackers to download and install Trojan horse packages by removing the Release signature.

Affected

6 ranges
VendorProductVersion rangeFixed in
debianadvanced_package_tool<= 1.0.3
debianapt< apt 1.0.4 (bookworm)apt 1.0.4 (bookworm)
debianapt>= 0 < 1.0.41.0.4
debianapt>= 0 < 1.0.41.0.4
debianapt>= 0 < 1.0.41.0.4
debianapt>= 0 < 1.0.41.0.4

CVSS provenance

nvd4.0MEDIUMAV:N/AC:H/Au:N/C:N/I:P/A:P
osv4.0MEDIUM