Improper input validation in Debian Advanced_package_tool
CVE-2014-0488
APT before 1.0.9 does not "invalidate repository data" when moving from an unauthenticated to authenticated state, which allows remote attackers to have unspecified impact via crafted repository data.
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.021 (79.1th percentile) — read the EPSS interpretation.
Affected products
- Debian Advanced_package_tool — versions 1.0.3, 1.0.7
- N/a — versions n/a
Weakness classification (CWE)
References
- security@debian.org (x_refsource_SECUNIA, third-party-advisory)
- security@debian.org (x_refsource_SECUNIA, third-party-advisory)
- security@debian.org (x_refsource_UBUNTU, vendor-advisory, Patch, Vendor Advisory)
- security@debian.org (vendor-advisory, x_refsource_DEBIAN, Vendor Advisory)