CVE-2020-15701

CWE-755Improper Exception Handling8 documents5 sources
Severity
5.5MEDIUM
EPSS
0.1%
top 69.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Canonical ApportCanonical Ubuntu Linux
Timeline
PublishedAug 6
Latest updateMay 24

Description

An unhandled exception in check_ignored() in apport/report.py can be exploited by a local attacker to cause a denial of service. If the mtime attribute is a string value in apport-ignore.xml, it will trigger an unhandled exception, resulting in a crash. Fixed in 2.20.1-0ubuntu2.24, 2.20.9-0ubuntu7.16, 2.20.11-0ubuntu27.6.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

CVEListV5canonical/apport2.20.12.20.1-0ubuntu2.24+2
Ubuntuapport< 2.20.1-0ubuntu2.24+3
NVDcanonical/apport100 versions+99

Also affects: Ubuntu Linux 14.04, 16.04, 18.04, 20.04

🔴Vulnerability Details

5
GHSA
GHSA-r3r2-rv2r-78wf: An unhandled exception in check_ignored() in apport/report2022-05-24
OSV
apport vulnerabilities2020-09-02
CVEList
Unhandled exception in apport2020-08-06
OSV
apport vulnerabilities2020-08-04
OSV
CVE-2020-15701: An unhandled exception in check_ignored() in apport/report2020-05-13

📋Vendor Advisories

2
Ubuntu
Apport vulnerabilities2020-09-02
Ubuntu
Apport vulnerabilities2020-08-04