CVE-2020-27350
Published: 09 December 2020
APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. This issue affects: apt 1.2.32ubuntu0 versions prior to 1.2.32ubuntu0.2; 1.6.12ubuntu0 versions prior to 1.6.12ubuntu0.2; 2.0.2ubuntu0 versions prior to 2.0.2ubuntu0.2; 2.1.10ubuntu0 versions prior to 2.1.10ubuntu0.1;
Priority
Medium
CVSS 3 base score: 5.7
Status
| Package | Release | Status |
|---|---|---|
|
apt Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.04 (Hirsute Hippo) |
Pending
(2.1.13)
|
|
| Ubuntu 20.10 (Groovy Gorilla) |
Released
(2.1.10ubuntu0.1)
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Released
(2.0.2ubuntu0.2)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(1.6.12ubuntu0.2)
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Released
(1.2.32ubuntu0.2)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Released
(1.0.1ubuntu2.24+esm3)
|