4.3

CVE-2012-0214

EPSS 0.12%
Veröffentlicht 15.04.2014 23:55:08
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle security@debian.org
Teams Watchlist Login
Unerledigt Login

The pkgAcqMetaClearSig::Failed method in apt-pkg/acquire-item.cc in Advanced Package Tool (APT) 0.8.11 through 0.8.15.10 and 0.8.16 before 0.8.16~exp13, when updating from repositories that use InRelease files, allows man-in-the-middle attackers to install arbitrary packages by preventing a user from downloading the new InRelease file, which leaves the original InRelease file active and makes it more difficult to detect that the Packages file is modified and unsigned.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Advanced Package Tool ≫ Advanced Package Tool Version <= 0.8.16\~exp12

Advanced Package Tool ≫ Advanced Package Tool Version0.8.11

Advanced Package Tool ≫ Advanced Package Tool Version0.8.12

Advanced Package Tool ≫ Advanced Package Tool Version0.8.13

Advanced Package Tool ≫ Advanced Package Tool Version0.8.14

Advanced Package Tool ≫ Advanced Package Tool Version0.8.15

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.12%	0.275

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

http://anonscm.debian.org/gitweb/?p=apt/apt.git%3Ba=commitdiff%3Bh=b7a6594d1e5ed199a7a472b78b33e070375d6f92

http://anonscm.debian.org/gitweb/?p=apt/apt.git%3Ba=commitdiff%3Bh=de498a528cd6fc36c4bb22bf8dec6558e21cc9b6

http://www.ubuntu.com/usn/USN-1385-1

https://nvd.nist.gov/vuln/detail/CVE-2012-0214

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-0214

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-0214

EUVD