CVE-2020-15709

Published: 05/09/2020 Updated: 16/09/2020
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

Versions of add-apt-repository prior to 0.98.9.2, 0.96.24.32.14, 0.96.20.10, and 0.92.37.8ubuntu0.1~esm1 printed a PPA (personal package archive) description to the terminal as-is, which allowed PPA owners to provide ANSI terminal escapes to modify terminal contents in unexpected ways.
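
The summary describes untrusted PPA text reaching the terminal unmodified. The following is an added example, not the add-apt-repository fix and not code from this page: one way to neutralise control characters before printing such text. The function name and the sample description are constructed for illustration.

```python
import unicodedata

# Control characters that are harmless in multi-line descriptions.
_ALLOWED_CONTROLS = {"\n", "\t"}


def neutralize_terminal_text(text: str) -> tuple[str, int]:
    """Return (safe_text, replaced_count) for untrusted text bound for a TTY.

    Every character in Unicode category Cc is rendered as a visible \\xNN
    escape instead of being sent to the terminal. Cc covers the C0 range
    (ESC, BEL, BS, CR, ...), DEL, and the C1 range, which includes the
    single-character CSI U+009B that some terminals honour.
    """
    out = []
    replaced = 0
    for ch in text:
        if ch not in _ALLOWED_CONTROLS and unicodedata.category(ch) == "Cc":
            out.append(f"\\x{ord(ch):02x}")  # all Cc code points are < 0x100
            replaced += 1
        else:
            out.append(ch)
    return "".join(out), replaced


# Constructed sample: a description carrying an erase-line sequence, a
# carriage return, a C1 CSI and a DEL. Not taken from any real PPA.
SAMPLE_DESCRIPTION = "Daily builds\x1b[2K\rline two\n\tindented\x9b0m\x7f"

if __name__ == "__main__":
    safe, count = neutralize_terminal_text(SAMPLE_DESCRIPTION)
    print(safe)
    if count:
        print(f"[{count} control character(s) in the description were escaped]")
```

Reporting the count lets the caller tell the user that the description contained control characters instead of silently altering it.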

Vulnerable Product

canonical add-apt-repository

Vendor Advisories

Debian Bug report logs - #968850
software-properties: CVE-2020-15709
Package: src:software-properties
Maintainer for src:software-properties is Julian Andres Klode <jak@debian.org>
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Sat, 22 Aug 2020 11:15:03 UTC
Severity: important
Tags: security, upstream ...

Mailing Lists

oss-sec mailing list archives: Re: ansi escape sequence injection into ubuntu's add-apt-repository ...