CVE-2012-0214

The pkgAcqMetaClearSig::Failed method in apt-pkg/acquire-item.cc in Advanced Package Tool (APT) 0.8.11 through 0.8.15.10 and 0.8.16 before 0.8.16~exp13, when updating from repositories that use InRelease files, allows man-in-the-middle attackers to install arbitrary packages by preventing a user from downloading the new InRelease file, which leaves the original InRelease file active and makes it more difficult to detect that the Packages file is modified and unsigned.

Published: Apr 16, 2014
Updated: Apr 13, 2023
CVE: CVE-2012-0214
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
advanced_package_tool / advanced_package_tool	0.8.13	0.8.13.x
advanced_package_tool / advanced_package_tool	0.8.14	0.8.14.x
advanced_package_tool / advanced_package_tool	0.8.15	0.8.15.x
advanced_package_tool / advanced_package_tool	-	0.8.16\~exp12.x
advanced_package_tool / advanced_package_tool	0.8.12	0.8.12.x
advanced_package_tool / advanced_package_tool	0.8.11	0.8.11.x

Vulnerability Database

CVE-2012-0214