Published: 30/09/2014 Updated: 08/01/2020

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and previous versions allows man-in-the-middle malicious users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted URL.

Vulnerable Product	Search on Vulmon	Subscribe to Product
debian advanced package tool

APT could be made to crash or run programs if it received specially crafted network traffic ...

The Google Security Team discovered a buffer overflow vulnerability in the HTTP transport code in apt-get An attacker able to man-in-the-middle a HTTP request to an apt repository can trigger the buffer overflow, leading to a crash of the http apt method binary, or potentially to arbitrary code execution Two regression fixes were included in this ...

CWE-119 http://www.ubuntu.com/usn/USN-2353-1 http://www.debian.org/security/2014/dsa-3031 http://www.securityfocus.com/bid/70075 http://secunia.com/advisories/61605 http://secunia.com/advisories/61710 https://exchange.xforce.ibmcloud.com/vulnerabilities/96151 https://usn.ubuntu.com/2353-1/https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-6273

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect