Описание
APT before 1.0.9 does not "invalidate repository data" when moving from an unauthenticated to authenticated state, which allows remote attackers to have unspecified impact via crafted repository data.
Ссылки
- PatchVendor Advisory
- Vendor Advisory
- PatchVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:debian:advanced_package_tool:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:debian:advanced_package_tool:1.0.7:*:*:*:*:*:*:*
EPSS
Процентиль: 42%
0.00202
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-20
Связанные уязвимости
ubuntu
больше 11 лет назад
APT before 1.0.9 does not "invalidate repository data" when moving from an unauthenticated to authenticated state, which allows remote attackers to have unspecified impact via crafted repository data.
debian
больше 11 лет назад
APT before 1.0.9 does not "invalidate repository data" when moving fro ...
github
больше 3 лет назад
APT before 1.0.9 does not "invalidate repository data" when moving from an unauthenticated to authenticated state, which allows remote attackers to have unspecified impact via crafted repository data.
EPSS
Процентиль: 42%
0.00202
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-20