CVE-2020-27351

Various memory and file descriptor leaks were found in apt-python files python/arfile.cc, python/tag.cc, python/tarfile.cc, aka GHSL-2020-170. This issue affects: python-apt 1.1.0~beta1 versions prior to 1.1.0~beta1ubuntu0.16.04.10; 1.6.5ubuntu0 versions prior to 1.6.5ubuntu0.4; 2.0.0ubuntu0 versions prior to 2.0.0ubuntu0.20.04.2; 2.1.3ubuntu1 versions prior to 2.1.3ubuntu1.1;

Published: Dec 10, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-27351
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 2.8
AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-772

Affected Software
References

Software	From	Fixed in
debian / advanced_package_tool	1.1.0\~beta1	1.1.0\~beta1ubuntu0.16.04.10
debian / advanced_package_tool	1.6.5ubuntu0	1.6.5ubuntu0.4
debian / advanced_package_tool	2.0.0ubuntu0	2.0.0ubuntu0.20.04.2
debian / advanced_package_tool	2.1.3ubuntu1	2.1.30ubuntu1.1
debian / advanced_package_tool	-	1.8.4.2

https://bugs.launchpad.net/bugs/1899193
https://usn.ubuntu.com/usn/usn-4668-1
https://www.debian.org/security/2020/dsa-4809

Vulnerability Database

CVE-2020-27351