CVE-2020-27351

Published Dec 10, 2020

Last updated 4 years ago

CVSS low 2.8

Overview

Description: Various memory and file descriptor leaks were found in apt-python files python/arfile.cc, python/tag.cc, python/tarfile.cc, aka GHSL-2020-170. This issue affects: python-apt 1.1.0~beta1 versions prior to 1.1.0~beta1ubuntu0.16.04.10; 1.6.5ubuntu0 versions prior to 1.6.5ubuntu0.4; 2.0.0ubuntu0 versions prior to 2.0.0ubuntu0.20.04.2; 2.1.3ubuntu1 versions prior to 2.1.3ubuntu1.1;
Source: security@ubuntu.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 2.8
Impact score: 1.4
Exploitability score: 1.3
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
Severity: LOW

CVSS 2.0

Type: Primary
Base score: 2.1
Impact score: 2.9
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-772
security@ubuntu.com: CWE-772

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:debian:advanced_package_tool:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5F1CD972-BF6E-437D-BD7A-9C6E1649E05E",
            "versionEndExcluding": "1.1.0\\~beta1ubuntu0.16.04.10",
            "versionStartIncluding": "1.1.0\\~beta1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:debian:advanced_package_tool:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "46110C63-28BC-4CAC-9D26-D5CEE0042A54",
            "versionEndExcluding": "1.6.5ubuntu0.4",
            "versionStartIncluding": "1.6.5ubuntu0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:debian:advanced_package_tool:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0EE283A5-3974-4B01-9BAC-940B32714D9F",
            "versionEndExcluding": "2.0.0ubuntu0.20.04.2",
            "versionStartIncluding": "2.0.0ubuntu0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:debian:advanced_package_tool:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "496C03D7-3211-47CE-996F-AE031900B54C",
            "versionEndExcluding": "2.1.30ubuntu1.1",
            "versionStartIncluding": "2.1.3ubuntu1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.10:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "338B3AAC-C147-4A31-95E7-6E8A6FB4B3FC"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:debian:advanced_package_tool:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9A03A663-BC84-47BE-90DA-09753C3F44FE",
            "versionEndExcluding": "1.8.4.2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References