CVE-2020-3810

CWE-20 — Improper Input Validation CWE-125 — Out-of-bounds Read9 documents7 sources

Severity

5.5MEDIUM

EPSS

0.4%

top 39.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian APT Canonical Ubuntu Linux Debian Debian Linux +1 more

Timeline

PublishedMay 15

Latest updateMay 24

Description

Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶NVDdebian/apt< 2.1.2

▶Debianapt< 2.1.2+3

▶CVEListV5debian/aptbefore 2.1.2

Also affects: Debian Linux 10.0, 9.0, Fedora 32, Ubuntu Linux 12.04, 14.04, 16.04, 18.04, 19.10, 20.04

Patches

Patch: salsa.debian.org ↗Patch: salsa.debian.org ↗

🔴Vulnerability Details

GHSA

GHSA-q2xq-8h7m-vrfm: Missing input validation in the ar/tar implementations of APT before version 2↗2022-05-24

▶

OSV

CVE-2020-3810: Missing input validation in the ar/tar implementations of APT before version 2↗2020-05-15

▶

CVEList

CVE-2020-3810: Missing input validation in the ar/tar implementations of APT before version 2↗2020-05-15

▶

📋Vendor Advisories

Ubuntu

APT vulnerability↗2020-05-28

▶

Ubuntu

APT vulnerability↗2020-05-14

▶

Debian

CVE-2020-3810: apt - Missing input validation in the ar/tar implementations of APT before version 2.1...↗2020

▶

💬Community

Bugzilla

CVE-2020-3810 apt: missing input validation in the ar/tar implementations leads to DoS [fedora-all]↗2020-06-18

▶

Bugzilla

CVE-2020-3810 apt: missing input validation in the ar/tar implementations leads to DoS↗2020-06-18

▶