CVE-2020-27351

LOW

python-apt <1.1.0~beta1ubuntu0.16.04.10, <1.6.5ubuntu0.4, <2.0.0ubu...

Title source: llm
STIX 2.1

Description

Various memory and file descriptor leaks were found in apt-python files python/arfile.cc, python/tag.cc, python/tarfile.cc, aka GHSL-2020-170. This issue affects: python-apt 1.1.0~beta1 versions prior to 1.1.0~beta1ubuntu0.16.04.10; 1.6.5ubuntu0 versions prior to 1.6.5ubuntu0.4; 2.0.0ubuntu0 versions prior to 2.0.0ubuntu0.20.04.2; 2.1.3ubuntu1 versions prior to 2.1.3ubuntu1.1;

References (3)

Core 3
Core References
Broken Link x_refsource_misc
https://bugs.launchpad.net/bugs/1899193
Vendor Advisory x_refsource_misc
https://usn.ubuntu.com/usn/usn-4668-1
Vendor Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2020/dsa-4809

Scores

CVSS v3 2.0
EPSS 0.0039
EPSS Percentile 30.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L

Details

CWE
CWE-772
Status published
Products (1)
debian/advanced_package_tool 1.1.0\~beta1 - 1.1.0\~beta1ubuntu0.16.04.10
Published Dec 10, 2020
Tracked Since Feb 18, 2026