What is CVE-2020-27351?

CVE-2020-27351 is a low-severity vulnerability in Canonical Python-apt, classified under Missing Release of Resource after Effective Lifetime. CVSS score: 2.0/10. Published 2020-12-10.

How severe is CVE-2020-27351?

Low severity. CVSS v3 base score is 2.0 out of 10.

Vulnerability in Canonical Python-apt

CVE-2020-27351

Various memory and file descriptor leaks were found in apt-python files python/arfile.cc, python/tag.cc, python/tarfile.cc, aka GHSL-2020-170. This issue affects: python-apt 1.1.0~beta1 versions prior to 1.1.0~beta1ubuntu0.16.04.10; 1.6.5u…

EPSS: 0.004 (30.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 2.0 (Low). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L.

Affected products

Canonical Python-apt — versions 1.1.0~beta1, 1.6.5ubuntu0, 2.0.0ubuntu0
Canonical Ubuntu_linux — versions 16.04, 18.04, 20.04
Debian Advanced_package_tool
Debian Debian_linux — versions 10.0

Weakness classification (CWE)

CWE-772 — Missing Release of Resource after Effective Lifetime

References

security@ubuntu.com (x_refsource_MISC, Broken Link)
security@ubuntu.com (x_refsource_MISC, Vendor Advisory)
security@ubuntu.com (vendor-advisory, x_refsource_DEBIAN, Vendor Advisory)

Frequently asked questions

What is CVE-2020-27351?: CVE-2020-27351 is a low-severity vulnerability in Canonical Python-apt, classified under Missing Release of Resource after Effective Lifetime. CVSS score: 2.0/10. Published 2020-12-10.
How severe is CVE-2020-27351?: Low severity. CVSS v3 base score is 2.0 out of 10.