Buffer overflow in Debian Advanced_package_tool

CVE-2014-6273

Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and earlier allows man-in-the-middle attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted URL.

Vulnerability class: Buffer Overflow

EPSS: 0.024 (82.1th percentile) — read the EPSS interpretation.

Affected products

Debian Advanced_package_tool
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

security@debian.org (x_refsource_UBUNTU, vendor-advisory, Patch, Vendor Advisory)
security@debian.org (vdb-entry, x_refsource_BID)
security@debian.org (x_refsource_SECUNIA, third-party-advisory)
security@debian.org (vdb-entry, x_refsource_XF)
security@debian.org (vendor-advisory, x_refsource_DEBIAN, Vendor Advisory)
security@debian.org (x_refsource_SECUNIA, third-party-advisory)