CVE-2011-3374

Опубликовано: 26 нояб. 2019

Источник: nvd

CVSS3: 3.7

CVSS2: 4.3

EPSS Низкий

Описание

It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.

Ссылки

https://access.redhat.com/security/cve/cve-2011-3374
Broken Link
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
Issue Tracking
Mailing List
Third Party Advisory
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
Third Party Advisory
https://seclists.org/fulldisclosure/2011/Sep/221
Exploit
Mailing List
Third Party Advisory
https://security-tracker.debian.org/tracker/CVE-2011-3374
Third Party Advisory
https://snyk.io/vuln/SNYK-LINUX-APT-116518
Broken Link
https://ubuntu.com/security/CVE-2011-3374
Third Party Advisory
https://access.redhat.com/security/cve/cve-2011-3374
Broken Link
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
Issue Tracking
Mailing List
Third Party Advisory
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
Third Party Advisory
https://seclists.org/fulldisclosure/2011/Sep/221
Exploit
Mailing List
Third Party Advisory
https://security-tracker.debian.org/tracker/CVE-2011-3374
Third Party Advisory
https://snyk.io/vuln/SNYK-LINUX-APT-116518
Broken Link
https://ubuntu.com/security/CVE-2011-3374
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:debian:advanced_package_tool:*:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

EPSS

Процентиль: 81%

0.01509

Низкий

3.7 Low

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-347

Связанные уязвимости

CVE-2011-3374

CVSS3: 3.7

ubuntu

около 6 лет назад

It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.

CVE-2011-3374

CVSS3: 3.7

debian

около 6 лет назад

It was found that apt-key in apt, all versions, do not correctly valid ...

GHSA-xpxf-p5mx-cq4f

CVSS3: 3.7

github

почти 4 года назад

It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.

EPSS

Процентиль: 81%

0.01509

Низкий

3.7 Low

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-347