CVE-2020-27350 — MEDIUM (5.7)

Q: How severe is CVE-2020-27350?

CVE-2020-27350 has been rated MEDIUM with a CVSS base score of 5.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-27350?

Check the references section above for vendor advisories and patch information. Affected products include: Debian Advanced Package Tool, Canonical Ubuntu Linux, Debian Debian Linux, Netapp Solidfire Baseboard Management Controller Firmware, Netapp Solidfire Baseboard Management Controller.

Vulnerability Description

APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. This issue affects: apt 1.2.32ubuntu0 versions prior to 1.2.32ubuntu0.2; 1.6.12ubuntu0 versions prior to 1.6.12ubuntu0.2; 2.0.2ubuntu0 versions prior to 2.0.2ubuntu0.2; 2.1.10ubuntu0 versions prior to 2.1.10ubuntu0.1;

CVSS Score

5.7

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Debian	Advanced Package Tool	>= 1.2.32ubuntu0, < 1.2.32ubuntu0.2
Canonical	Ubuntu Linux	16.04
Debian	Debian Linux	10.0
Netapp	Solidfire Baseboard Management Controller Firmware	-
Netapp	Solidfire Baseboard Management Controller	-

Related Weaknesses (CWE)

CWE-190

References

https://bugs.launchpad.net/bugs/1899193Broken Link
https://security.netapp.com/advisory/ntap-20210108-0005/Third Party Advisory
https://usn.ubuntu.com/usn/usn-4667-1Vendor Advisory
https://www.debian.org/security/2020/dsa-4808Vendor Advisory
https://bugs.launchpad.net/bugs/1899193Broken Link
https://security.netapp.com/advisory/ntap-20210108-0005/Third Party Advisory
https://usn.ubuntu.com/usn/usn-4667-1Vendor Advisory
https://www.debian.org/security/2020/dsa-4808Vendor Advisory

FAQ

What is CVE-2020-27350?

CVE-2020-27350 is a vulnerability with a CVSS score of 5.7 (MEDIUM). APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfil...

How severe is CVE-2020-27350?

CVE-2020-27350 has been rated MEDIUM with a CVSS base score of 5.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-27350?

Check the references section above for vendor advisories and patch information. Affected products include: Debian Advanced Package Tool, Canonical Ubuntu Linux, Debian Debian Linux, Netapp Solidfire Baseboard Management Controller Firmware, Netapp Solidfire Baseboard Management Controller.