CVE-2016-1252

MEDIUM

Debian jessie <1.0.9.8.4, Debian unstable <1.4~beta2, Ubuntu 14.04 ...


Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-1252. PoCs published by Google Security Research.

AI-analyzed exploit summary: This exploit leverages a memory allocation discrepancy in APT's handling of InRelease files to bypass signature validation, allowing an attacker to inject malicious repository metadata. The attack relies on ASLR and memory constraints to manipulate parsing behavior between the gpgv subprocess and the main apt-get process.

Description

The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection mechanism by leveraging improper error handling when validating InRelease file signatures.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Google Security Research · text · remote · linux
https://www.exploit-db.com/exploits/40916

Classification: Working PoC 90%
Attack Type: Auth Bypass
Complexity: Complex
Reliability: Racy
Target: APT (Advanced Package Tool) on Debian-based systems
No auth needed
Prerequisites: 32-bit Debian system · ability to manipulate repository files · network access to the target system
devstral-2 · analyzed Feb 16, 2026

References (6)

Issue Tracking, Vendor Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2016/dsa-3733
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-3156-1
Issue Tracking, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/140145/apt-Repository-Signing-Bypass.html
Exploit, Issue Tracking, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/40916/
Exploit, Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1647467
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://bugs.chromium.org/p/project-zero/issues/detail?id=1020

Scores

CVSS v3 5.9
EPSS 0.0725
EPSS Percentile 93.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-295
Status published
Products (4)
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 16.04
canonical/ubuntu_linux 16.10
debian/advanced_package_tool < 1.0.9.8.4
Published Dec 05, 2017
Tracked Since Feb 18, 2026