CVE-2020-3810: Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb…

medium5.5CVSS 3.1

AVLACLPRNUIRSUCNINAH

Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files.

Affected

16 ranges

Vendor	Product	Version range	Fixed in
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
debian	apt	< 2.1.2	2.1.2
debian	apt	< apt 2.1.2 (bookworm)	apt 2.1.2 (bookworm)
debian	apt	—	—
debian	apt	>= 0 < 2.1.2	2.1.2
debian	apt	>= 0 < 2.1.2	2.1.2
debian	apt	>= 0 < 2.1.2	2.1.2
debian	apt	>= 0 < 2.1.2	2.1.2
debian	debian_linux	—	—
debian	debian_linux	—	—
fedoraproject	fedora	—	—

CVSS provenance

nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

osv5.5MEDIUM