VDB
CVE-2020-27350
CVE-2020-27350
PUBLISHED
APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. This issue affects: apt 1.2.32ubuntu0 versions prior to 1.2.32ubuntu0.2; 1.6.12ubuntu0 versions prior to 1.6.12ubuntu0.2; 2.0.2ubuntu0 versions prior to 2.0.2ubuntu0.2; 2.1.10ubuntu0 versions prior to 2.1.10ubuntu0.1;
EPSS 0.16% · 36.1th percentile
Risk Scores
EPSS Score
0.16%
36.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:20.04:LTS | apt | 2.0.2, 2.0.1, 2.0.0 |
| Ubuntu:16.04:LTS | apt | 1.1.10, 1.2.4, 1.2.6 |
| Ubuntu:Pro:14.04:LTS | apt | *, 1.0.1ubuntu2.10, 1.0.1ubuntu2.12 |
| Ubuntu:18.04:LTS | apt | 1.6.6, *, 1.6.1 |
Exploit Intelligence
- TestCommand.yaml (github-poc)
- TestCommand.yaml (github-poc)
- TestCommand.yaml (github-poc)
- TestCommand.yaml (github-poc)
- TestCommand.yaml (github-poc)
Timeline
- Dec 9, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-27350 third-party-advisory
- https://ubuntu.com/security/notices/USN-4667-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-4667-2 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-27350 third-party-advisory