CVE-2014-0488

EUVD-2014-0519
APT before 1.0.9 does not "invalidate repository data" when moving from an unauthenticated to authenticated state, which allows remote attackers to have unspecified impact via crafted repository data.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
Affected Products (NVD)
VendorProductVersion
debianadvanced_package_tool
1.0.3
debianadvanced_package_tool
1.0.7
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
apt
bookworm
2.6.1
fixed
bullseye
2.2.4
fixed
sid
2.9.10
fixed
trixie
2.9.10
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
apt
lucid
Fixed 0.7.25.3ubuntu9.16
released
precise
Fixed 0.8.16~exp12ubuntu10.19
released
trusty
Fixed 1.0.1ubuntu2.3
released
Common Weakness Enumeration
References
http://secunia.com/advisories/61275
http://secunia.com/advisories/61286
http://ubuntu.com/usn/usn-2348-1
http://www.debian.org/security/2014/dsa-3025
http://secunia.com/advisories/61275
http://secunia.com/advisories/61286
http://ubuntu.com/usn/usn-2348-1
http://www.debian.org/security/2014/dsa-3025