CVE-2014-0490

CWE-20 — Improper Input Validation9 documents7 sources

Severity

7.5HIGH

EPSS

0.7%

top 28.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Advanced Package Tool

Timeline

PublishedNov 3

Latest updateMay 13

Description

The apt-get download command in APT before 1.0.9 does not properly validate signatures for packages, which allows remote attackers to execute arbitrary code via a crafted package.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDdebian/advanced_package_tool1.0.8+5

▶Debianapt< 0.9.12+3

Patches

Patch: ubuntu.com ↗Patch: ubuntu.com ↗

🔴Vulnerability Details

GHSA

GHSA-fgp5-9jf3-jfrv: The apt-get download command in APT before 1↗2022-05-13

▶

OSV

CVE-2014-0490: The apt-get download command in APT before 1↗2014-11-03

▶

CVEList

CVE-2014-0490: The apt-get download command in APT before 1↗2014-11-03

▶

OSV

apt vulnerabilities↗2014-09-16

▶

📋Vendor Advisories

Ubuntu

APT vulnerabilities↗2014-09-16

▶

Debian

CVE-2014-0490: apt - The apt-get download command in APT before 1.0.9 does not properly validate sign...↗2014

▶

💬Community

Bugzilla

CVE-2014-0490 CVE-2014-0487 CVE-2014-0488 CVE-2014-0489 apt: multiple issues [fedora-all]↗2014-09-18

▶

Bugzilla

CVE-2014-0488 CVE-2014-0487 CVE-2014-0489 CVE-2014-0490 apt: multiple issues↗2014-09-18

▶