CVE-2021-32556 | SynScan

Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2021-32556

It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg(1) call.

Published: Jun 12, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-32556
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 3.3
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:N/I:P/A:N

CWEs:

CWE-78

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
canonical / apport	2.20.1	2.20.1-0ubuntu2.30\+esm1
canonical / apport	2.20.9	2.20.9-0ubuntu7.24
canonical / apport	2.20.11-0ubuntu27	2.20.11-0ubuntu27.18
canonical / apport	2.14.1-0ubuntu3	2.14.1-0ubuntu3.29\+esm7
canonical / apport	2.20.11-0ubuntu50	2.20.11-0ubuntu50.7
canonical / apport	2.20.11-0ubuntu65	2.20.11-0ubuntu65.1

https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904