CVE-2012-0214 : The pkgAcqMetaClearSig::Failed method in apt-pkg/acquire-item.cc in Advanced Pac

The pkgAcqMetaClearSig::Failed method in apt-pkg/acquire-item.cc in Advanced Package Tool (APT) 0.8.11 through 0.8.15.10 and 0.8.16 before 0.8.16~exp13, when updating from repositories that use InRelease files, allows man-in-the-middle attackers to install arbitrary packages by preventing a user from downloading the new InRelease file, which leaves the original InRelease file active and makes it more difficult to detect that the Packages file is modified and unsigned.

Published 2014-04-15 23:55:08

Updated 2025-04-12 10:46:41

Source Debian GNU/Linux

View at NVD, CVE.org

Products affected by CVE-2012-0214

Advanced Package Tool » Advanced Package Tool
Versions up to, including, (<=) 0.8.16\~exp12
cpe:2.3:a:advanced_package_tool:advanced_package_tool:*:*:*:*:*:*:*:*
Matching versions
Advanced Package Tool » Advanced Package Tool » Version: 0.8.12
cpe:2.3:a:advanced_package_tool:advanced_package_tool:0.8.12:*:*:*:*:*:*:*
Matching versions
Advanced Package Tool » Advanced Package Tool » Version: 0.8.13
cpe:2.3:a:advanced_package_tool:advanced_package_tool:0.8.13:*:*:*:*:*:*:*
Matching versions
Advanced Package Tool » Advanced Package Tool » Version: 0.8.14
cpe:2.3:a:advanced_package_tool:advanced_package_tool:0.8.14:*:*:*:*:*:*:*
Matching versions
Advanced Package Tool » Advanced Package Tool » Version: 0.8.15
cpe:2.3:a:advanced_package_tool:advanced_package_tool:0.8.15:*:*:*:*:*:*:*
Matching versions
Advanced Package Tool » Advanced Package Tool » Version: 0.8.11
cpe:2.3:a:advanced_package_tool:advanced_package_tool:0.8.11:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2012-0214

EPSS FAQ

0.12%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 28 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2012-0214

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

CWE ids for CVE-2012-0214

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-0214

http://anonscm.debian.org/gitweb/?p=apt/apt.git%3Ba=commitdiff%3Bh=b7a6594d1e5ed199a7a472b78b33e070375d6f92

404 Not Found
http://www.ubuntu.com/usn/USN-1385-1

USN-1385-1: APT vulnerability | Ubuntu security notices
http://anonscm.debian.org/gitweb/?p=apt/apt.git;a=commitdiff;h=de498a528cd6fc36c4bb22bf8dec6558e21cc9b6

404 Not Found
http://anonscm.debian.org/gitweb/?p=apt/apt.git;a=commitdiff;h=b7a6594d1e5ed199a7a472b78b33e070375d6f92

404 Not Found
http://anonscm.debian.org/gitweb/?p=apt/apt.git%3Ba=commitdiff%3Bh=de498a528cd6fc36c4bb22bf8dec6558e21cc9b6

404 Not Found

Jump to

Vulnerability Details : CVE-2012-0214

Products affected by CVE-2012-0214

Exploit prediction scoring system (EPSS) score for CVE-2012-0214

CVSS scores for CVE-2012-0214

CWE ids for CVE-2012-0214

References for CVE-2012-0214