PT-2020-6226 · Canonical+1 · Apt+2

Kevin Backhouse · Published 2020-12-09 · Updated 2022-10-29 · CVE-2020-27350

CVSS v3.1: 5.7 Medium
Vector: AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

apt versions 1.2.32ubuntu0 through 1.2.32ubuntu0.1
apt versions 1.6.12ubuntu0 through 1.6.12ubuntu0.1
apt versions 2.0.2ubuntu0 through 2.0.2ubuntu0.1
apt versions 2.1.10ubuntu0 through 2.1.10ubuntu0.0

Description

The issue is related to integer overflows and underflows in the apt package manager while parsing .deb packages. This can be exploited to gain access to confidential data, disrupt data integrity, and cause a denial of service. The affected files are apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc.

Recommendations

For apt version 1.2.32ubuntu0, update to version 1.2.32ubuntu0.2 or later.
For apt version 1.6.12ubuntu0, update to version 1.6.12ubuntu0.2 or later.
For apt version 2.0.2ubuntu0, update to version 2.0.2ubuntu0.2 or later.
For apt version 2.1.10ubuntu0, update to version 2.1.10ubuntu0.1 or later.

Fix

Integer Overflow

Weakness Enumeration

Related Identifiers

BDU:2021-03627
CVE-2020-27350
DLA-2487-1
DSA-4808-1
USN-4667-1
USN-4667-2

Affected Products

Linuxmint
Ubuntu
Apt