CVE-2020-3810

Published: 12 May 2020

Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files.

Priority

CVSS 3 base score: 5.5

Status

Package	Release	Status
apt Launchpad, Ubuntu, Debian	Upstream	Released (2.1.2)


	Ubuntu 20.04 LTS (Focal Fossa)	Released (2.0.2ubuntu0.1)
	Ubuntu 18.04 LTS (Bionic Beaver)	Released (1.6.12ubuntu0.1)
	Ubuntu 16.04 ESM (Xenial Xerus)	Released (1.2.32ubuntu0.1)
	Ubuntu 14.04 ESM (Trusty Tahr)	Released (1.0.1ubuntu2.24+esm1)

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3810
https://github.com/Debian/apt/issues/111
https://github.com/julian-klode/apt/commit/de4efadc3c92e26d37272fd310be148ec61dcf36
https://salsa.debian.org/jak/apt/-/commit/dceb1e49e4b8e4dadaf056be34088b415939cda6
https://ubuntu.com/security/notices/USN-4359-1
https://ubuntu.com/security/notices/USN-4359-2
NVD
Launchpad
Debian

Bugs

https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1878177

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›