Vulnerability Details : CVE-2020-27350
APT had several integer overflows and underflows while parsing .deb packages (aka GHSL-2020-168 and GHSL-2020-169) in the files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. This issue affects: apt 1.2.32ubuntu0 versions prior to 1.2.32ubuntu0.2; 1.6.12ubuntu0 versions prior to 1.6.12ubuntu0.2; 2.0.2ubuntu0 versions prior to 2.0.2ubuntu0.2; 2.1.10ubuntu0 versions prior to 2.1.10ubuntu0.1.
Vulnerability category: Overflow
Products affected by CVE-2020-27350
- Debian » Advanced Package Tool, versions from including (>=) 1.6.12ubuntu0 and before (<) 1.6.12ubuntu0.2 (cpe:2.3:a:debian:advanced_package_tool:*:*:*:*:*:*:*:*)
- Debian » Advanced Package Tool, versions from including (>=) 2.1.10ubuntu0 and before (<) 2.1.10ubuntu0.2 (cpe:2.3:a:debian:advanced_package_tool:*:*:*:*:*:*:*:*)
- Debian » Advanced Package Tool, versions from including (>=) 1.2.32ubuntu0 and before (<) 1.2.32ubuntu0.2 (cpe:2.3:a:debian:advanced_package_tool:*:*:*:*:*:*:*:*)
- Debian » Advanced Package Tool, versions from including (>=) 2.0.2ubuntu0 and before (<) 2.0.2ubuntu0.2 (cpe:2.3:a:debian:advanced_package_tool:*:*:*:*:*:*:*:*)
- cpe:2.3:a:debian:advanced_package_tool:*:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-27350
- EPSS score: 0.05% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~15% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2020-27350
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
| 4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P | 3.9 | 6.4 | NIST | |
| 5.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L | 1.5 | 3.7 | NIST | |
| 5.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L | 1.5 | 3.7 | Canonical Ltd. | |
CWE ids for CVE-2020-27350
- The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

Assigned by:
- nvd@nist.gov (Primary)
- security@ubuntu.com (Secondary)
References for CVE-2020-27350
- https://usn.ubuntu.com/usn/usn-4667-1 (Vendor Advisory)
- https://security.netapp.com/advisory/ntap-20210108-0005/ (CVE-2020-27350 APT Vulnerability in NetApp Products | NetApp Product Security; Third Party Advisory)
- https://bugs.launchpad.net/bugs/1899193 (Broken Link)
- https://www.debian.org/security/2020/dsa-4808 (Debian -- Security Information -- DSA-4808-1 apt; Vendor Advisory)