PT-2020-5441 · Canonical+2 · Add-Apt-Repository+3

Published

2020-08-03

Updated

2020-09-16

CVE-2020-15709

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions add-apt-repository versions prior to 0.98.9.2 add-apt-repository versions prior to 0.96.24.32.14 add-apt-repository versions prior to 0.96.20.10 add-apt-repository versions prior to 0.92.37.8ubuntu0.1~esm1

Description The issue arises due to insufficient input validation in the add-apt-repository utility, allowing PPA owners to provide ANSI terminal escapes. This could modify terminal contents in unexpected ways, potentially compromising the integrity of protected information.

Recommendations For versions prior to 0.98.9.2, update to version 0.98.9.2 or later. For versions prior to 0.96.24.32.14, update to version 0.96.24.32.14 or later. For versions prior to 0.96.20.10, update to version 0.96.20.10 or later. For versions prior to 0.92.37.8ubuntu0.1~~esm1, update to version 0.92.37.8ubuntu0.1~~esm1 or later.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2021-00562

CVE-2020-15709

DLA-2339-1

USN-4457-1

USN-4457-2

Affected Products

Debian

Linuxmint

Ubuntu

Add-Apt-Repository

PT-2020-5441 · Canonical+2 · Add-Apt-Repository+3

CVE-2020-15709

Weakness Enumeration

Related Identifiers

Affected Products

References · 15