4.3
CVE-2011-1829
- EPSS 1.69%
- Veröffentlicht 27.07.2011 02:55:01
- Zuletzt bearbeitet 16.06.2026 23:30:12
- Quelle security@ubuntu.com
- CVE-Watchlists
- Unerledigt
APT before 0.8.15.2 does not properly validate inline GPG signatures, which allows man-in-the-middle attackers to install modified packages via vectors involving lack of an initial clearsigned message.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Debian ≫ Advanced Package Tool Version < 0.8.15.2
Canonical ≫ Ubuntu Linux Version11.04
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.69% | 0.74 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://launchpadlibrarian.net/75126628/apt_0.8.13.2ubuntu2_0.8.13.2ubuntu4.1.diff.gz
http://packages.debian.org/changelogs/pool/main/a/apt/current/changelog
http://www.securityfocus.com/bid/48671
http://www.ubuntu.com/usn/USN-1169-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/68560
https://launchpad.net/bugs/784473
https://launchpad.net/ubuntu/+archive/primary/+sourcepub/1817196/+listing-archive-extra