Lucene search

[email protected]CVE-2020-27351

HistoryDec 10, 2020 - 4:15 a.m.

CVE-2020-27351

2020-12-1004:15:11

CWE-772

[email protected]

web.nvd.nist.gov

266

cve-2020-27351

memory leaks

file descriptor leaks

python-apt

security vulnerability

ghsl-2020-170

nvd

2.8 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

3.6 Low

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

0.0005 Low

EPSS

Percentile

16.9%

JSON

Various memory and file descriptor leaks were found in apt-python files python/arfile.cc, python/tag.cc, python/tarfile.cc, aka GHSL-2020-170. This issue affects: python-apt 1.1.0~beta1 versions prior to 1.1.0~beta1ubuntu0.16.04.10; 1.6.5ubuntu0 versions prior to 1.6.5ubuntu0.4; 2.0.0ubuntu0 versions prior to 2.0.0ubuntu0.20.04.2; 2.1.3ubuntu1 versions prior to 2.1.3ubuntu1.1;

Affected configurations

NVD

Node

debianadvanced_package_toolRange1.1.0\~beta1–1.1.0\~beta1ubuntu0.16.04.10

AND

canonicalubuntu_linuxMatch16.04lts

Node

debianadvanced_package_toolRange1.6.5ubuntu0–1.6.5ubuntu0.4

AND

canonicalubuntu_linuxMatch18.04lts

Node

debianadvanced_package_toolRange2.0.0ubuntu0–2.0.0ubuntu0.20.04.2

AND

canonicalubuntu_linuxMatch20.04lts

Node

debianadvanced_package_toolRange2.1.3ubuntu1–2.1.30ubuntu1.1

AND

canonicalubuntu_linuxMatch20.10

Node

debianadvanced_package_toolRange<1.8.4.2

AND

debiandebian_linuxMatch10.0

CPENameOperatorVersion
debian:advanced_package_tooldebian advanced package toollt1.1.0\~beta1ubuntu0.16.04.10

CPE	Name	Operator	Version
debian:advanced_package_tool	debian advanced package tool	lt	1.1.0\~beta1ubuntu0.16.04.10

CNA Affected

[
  {
    "product": "python-apt",
    "vendor": "Canonical",
    "versions": [
      {
        "lessThan": "1.1.0~beta1ubuntu0.16.04.10",
        "status": "affected",
        "version": "1.1.0~beta1",
        "versionType": "custom"
      },
      {
        "lessThan": "1.6.5ubuntu0.4",
        "status": "affected",
        "version": "1.6.5ubuntu0",
        "versionType": "custom"
      },
      {
        "lessThan": "2.0.0ubuntu0.20.04.2",
        "status": "affected",
        "version": "2.0.0ubuntu0",
        "versionType": "custom"
      },
      {
        "lessThan": "2.1.3ubuntu1.1",
        "status": "affected",
        "version": "2.1.3ubuntu1",
        "versionType": "custom"
      }
    ]
  }
]