CVE-2014-0488

Advanced Package Tool - Improper Input Validation

Title source: llm
STIX 2.1

Description

APT before 1.0.9 does not "invalidate repository data" when moving from an unauthenticated to authenticated state, which allows remote attackers to have unspecified impact via crafted repository data.

References (4)

Core 4
Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/61286
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/61275
Patch, Vendor Advisory vendor-advisory x_refsource_ubuntu
http://ubuntu.com/usn/usn-2348-1
Vendor Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2014/dsa-3025

Scores

EPSS 0.0208
EPSS Percentile 79.3%

Details

CWE
CWE-20
Status published
Products (2)
debian/advanced_package_tool 1.0.3
debian/advanced_package_tool 1.0.7
Published Nov 03, 2014
Tracked Since Feb 18, 2026