CVE-2020-15701

MEDIUM

Canonical Apport - Improper Exception Handling

Title source: rule

Description

An unhandled exception in check_ignored() in apport/report.py can be exploited by a local attacker to cause a denial of service. If the mtime attribute is a string value in apport-ignore.xml, it will trigger an unhandled exception, resulting in a crash. Fixed in 2.20.1-0ubuntu2.24, 2.20.9-0ubuntu7.16, 2.20.11-0ubuntu27.6.

References (4)

[Exploit, Issue Tracking, Third Party Advisory] https://launchpad.net/bugs/1877023

[Vendor Advisory] https://usn.ubuntu.com/4449-1

[Vendor Advisory] https://usn.ubuntu.com/4449-1/

[Vendor Advisory] https://usn.ubuntu.com/4449-2/

Scores

CVSS v3 5.5

EPSS 0.0012

EPSS Percentile 30.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-755

Status published

Affected Products (50)

canonical/apport

canonical/apport

canonical/apport

canonical/apport

canonical/apport

canonical/apport

canonical/apport

canonical/apport

canonical/apport

canonical/apport

canonical/apport

canonical/apport

canonical/apport

canonical/apport

canonical/apport

... and 35 more

Timeline

Published Aug 06, 2020

Tracked Since Feb 18, 2026