CVE-2014-0489

Severity: 7.5 HIGH
EPSS: 0.7% (top 28.27%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 3 | Latest update May 13

Description

APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote attackers to execute arbitrary code via a crafted package.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (3 packages)

NVD | debian/advanced_package_tool | 1.0.3, 1.0.5, 1.0.7 (+2)
Debian | apt | < 1.0.9 (+3)
Ubuntu | apt | < 1.0.1ubuntu2.3

Patches

🔴 Vulnerability Details (4)

GHSA | GHSA-x6q8-2q34-2w6w: APT before 1 | 2022-05-13
CVEList | CVE-2014-0489: APT before 1 | 2014-11-03
OSV | CVE-2014-0489: APT before 1 | 2014-11-03
OSV | apt vulnerabilities | 2014-09-16

📋 Vendor Advisories (2)

Ubuntu | APT vulnerabilities | 2014-09-16
Debian | CVE-2014-0489: apt - APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not vali... | 2014

💬 Community (2)

Bugzilla | CVE-2014-0490 CVE-2014-0487 CVE-2014-0488 CVE-2014-0489 apt: multiple issues [fedora-all] | 2014-09-18
Bugzilla | CVE-2014-0488 CVE-2014-0487 CVE-2014-0489 CVE-2014-0490 apt: multiple issues | 2014-09-18