What is CVE-2012-3587?

CVE-2012-3587 is a vulnerability in Debian Advanced_package_tool, classified under Improper Input Validation. Published 2012-06-19.

Is CVE-2012-3587 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Improper input validation in Debian Advanced_package_tool

CVE-2012-3587

APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.017 (74.3th percentile) — read the EPSS interpretation.

Affected products

Debian Advanced_package_tool — versions 0.7.0, 0.7.1, 0.7.2
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

Public proof-of-concept exploits

sjourdan/clair-lab

References

cve@mitre.org (mailing-list, x_refsource_FULLDISC)
cve@mitre.org (x_refsource_UBUNTU, vendor-advisory)
cve@mitre.org (x_refsource_UBUNTU, vendor-advisory)
cve@mitre.org (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2012-3587?: CVE-2012-3587 is a vulnerability in Debian Advanced_package_tool, classified under Improper Input Validation. Published 2012-06-19.
Is CVE-2012-3587 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.