CVE-2020-27350

Published: 10/12/2020 Updated: 29/10/2022
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.7 | Impact Score: 3.7 | Exploitability Score: 1.5
VMScore: 409
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 and GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. This issue affects: apt 1.2.32ubuntu0 versions before 1.2.32ubuntu0.2; 1.6.12ubuntu0 versions before 1.6.12ubuntu0.2; 2.0.2ubuntu0 versions before 2.0.2ubuntu0.2; 2.1.10ubuntu0 versions before 2.1.10ubuntu0.1.

Vulnerable Product

debian advanced_package_tool

netapp solidfire_baseboard_management_controller_firmware -

Vendor Advisories

It was discovered that missing input validation in the ar/tar implementations of APT, the high level package manager, could cause out-of-bounds reads or infinite loops, resulting in denial of service when processing malformed deb files. For the stable distribution (buster), this problem has been fixed in version 1822. We recommend that you upgra ...

Github Repositories

Creates PolicyReports based on the different Trivy Operator CRDs like VulnerabilityReports

Trivy Operator PolicyReport Adapter: Maps Trivy Operator CRDs into the unified PolicyReport and ClusterPolicyReport from the Kubernetes Policy Working Group. This makes it possible to use tooling like Policy Reporter for the different kinds of Trivy Reports. Pre Requirements: Trivy Operator with the related CRDs is installed and running. PolicyReport CRDs are installed in your Cl