CVE-2020-27350 — Integer Overflow or Wraparound in APT

CWE-190 — Integer Overflow or Wraparound7 documents6 sources

Severity

5.7MEDIUMNVD

EPSS

0.2%

top 59.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Canonical APT Debian APT Debian Advanced Package Tool

Timeline

PublishedDec 10

Latest updateMay 24

Description

APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. This issue affects: apt 1.2.32ubuntu0 versions prior to 1.2.32ubuntu0.2; 1.6.12ubuntu0 versions prior to 1.6.12ubuntu0.2; 2.0.2ubuntu0 versions prior to 2.0.2ubuntu0.2; 2.1.10ubuntu0 versions prior to 2.1.10ubuntu0.1;

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:LExploitability: 1.5 | Impact: 3.7

Affected Packages3 packages

▶CVEListV5canonical/apt1.2.32ubuntu0 — 1.2.32ubuntu0.2+3

▶NVDdebian/advanced_package_tool1.2.32ubuntu0 — 1.2.32ubuntu0.2+4

▶Debiandebian/apt< 2.1.13+3

🔴Vulnerability Details

GHSA

GHSA-j2wg-wfjw-m5cq: APT had several integer overflows and underflows while parsing↗2022-05-24

▶

OSV

CVE-2020-27350: APT had several integer overflows and underflows while parsing↗2020-12-10

▶

CVEList

apt integer wraparound↗2020-12-10

▶

📋Vendor Advisories

Ubuntu

APT vulnerability↗2021-01-11

▶

Ubuntu

APT vulnerability↗2020-12-09

▶

Debian

CVE-2020-27350: apt - APT had several integer overflows and underflows while parsing .deb packages, ak...↗2020

▶