CVE-2020-3810
- Source
- https://cve.org/CVERecord?id=CVE-2020-3810
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-3810.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-3810
- Downstream
- Published
- 2020-05-15T14:15:11.887Z
- Modified
- 2026-03-15T22:38:14.972549Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files.
- References
-
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U4PEH357MZM2SUGKETMEHMSGQS652QHH/
- https://lists.debian.org/debian-security-announce/2020/msg00089.html
- https://tracker.debian.org/news/1144109/accepted-apt-212-source-into-unstable/
- https://usn.ubuntu.com/4359-1/
- https://usn.ubuntu.com/4359-2/
- https://bugs.launchpad.net/bugs/1878177
- https://salsa.debian.org/apt-team/apt/-/commit/dceb1e49e4b8e4dadaf056be34088b415939cda6
- https://github.com/Debian/apt/issues/111
Affected packages
Git / github.com/Debian/apt
Affected versions
0.*
0.7.21
0.7.22
0.7.22.1
0.7.23
0.7.23.1
0.7.24
0.7.24ubuntu1
0.7.25
0.7.25.1
0.7.25.3
0.7.25.3ubuntu1
0.7.25.3ubuntu2
0.7.25.3ubuntu3
0.7.25.3ubuntu4
0.7.25.3ubuntu5
0.7.25.3ubuntu6
0.7.25.3ubuntu7
0.7.25.3ubuntu8
0.7.25ubuntu1
0.8.0
0.8.1
0.8.10
0.8.10.1
0.8.10.2
0.8.10.3
0.8.11
0.8.11.1
0.8.11.2
0.8.11.3
0.8.11.4
0.8.11.5
0.8.12
0.8.13
0.8.13.1
0.8.13.2
0.8.14
0.8.14.1
0.8.15
0.8.15.1
0.8.15.2
0.8.15.3
0.8.15.4
0.8.15.5
0.8.15.6
0.8.15.7
0.8.15.8
0.8.15.9
0.8.2
0.8.3
0.8.4
0.8.5
0.8.6
0.8.7
0.8.8
0.8.9
0.9.0
0.9.1
0.9.10
0.9.11
0.9.11.1
0.9.11.2
0.9.11.3
0.9.12.1
0.9.13.1
0.9.13.exp1
0.9.13_exp1
0.9.14
0.9.14.2
0.9.14.3.exp1
0.9.14.3.exp2
0.9.14.3.exp3
0.9.14.3.exp5
0.9.15
0.9.15.2
0.9.15.4
0.9.15.5
0.9.16
0.9.16.1
0.9.2
0.9.3
0.9.4
0.9.5
0.9.5.1
0.9.6
0.9.7
0.9.7.1
0.9.7.2
0.9.7.3
0.9.7.4
0.9.7.5
0.9.7.6
0.9.7.7
0.9.7.8
0.9.8
0.9.8.1
0.9.9
0.9.9.1
0.9.9.2
0.9.9.3
0.9.9.4
1.*
1.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.0.9.1
1.0.9.2
1.0.9.3
1.0.9.4
1.0.9.5
1.0.9.6
1.0.9.7
1.0.9.9
1.1
1.1.1
1.1.10
1.1.2
1.1.3
1.1.4
1.1.5
1.1.6
1.1.7
1.1.8
1.1.9
1.1.exp1
1.1.exp10
1.1.exp11
1.1.exp12
1.1.exp13
1.1.exp2
1.1.exp4
1.1.exp5
1.1.exp6
1.1.exp7
1.1.exp8
1.1.exp9
1.1_exp14
1.1_exp15
1.1_exp16
1.2
1.2.1
1.2.10
1.2.11
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.2.7
1.2.8
1.2.9
1.2_exp1
1.3
1.3.1
1.3_exp1
1.3_exp2
1.3_exp3
1.3_pre1
1.3_pre2
1.3_pre3
1.3_pre3+cmake1
1.3_pre3+cmake2
1.3_rc1
1.3_rc2
1.3_rc3
1.3_rc4
1.4
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
1.4.6
1.4_beta1
1.4_beta2
1.4_beta3
1.4_beta4
1.4_rc1
1.4_rc2
1.5
1.5_alpha1
1.5_alpha2
1.5_alpha3
1.5_alpha4
1.5_beta1
1.5_beta2
1.5_rc1
1.5_rc2
1.5_rc3
1.5_rc4
1.6_alpha1
1.6_alpha2
1.6_alpha3
1.6_alpha4
1.6_alpha5
1.6_alpha6
1.6_alpha7
1.6_beta1
1.6_rc1
1.7.0
1.7.0_alpha0
1.7.0_alpha1
1.7.0_alpha2
1.7.0_alpha3
1.7.0_rc1
1.7.0_rc2
1.8.0
1.8.0_alpha1
1.8.0_alpha2
1.8.0_alpha3
1.8.0_alpha3.1
1.8.0_beta1
1.8.0_rc1
1.8.0_rc2
1.8.0_rc3
1.8.0_rc4
1.8.1
1.8.2
1.9.0
1.9.1
1.9.10
1.9.11
1.9.12
1.9.2
1.9.3
1.9.4
1.9.5
1.9.6
1.9.7
1.9.8
1.9.9
2.*
2.0.0
2.0.1
2.0.2
2.1.0
2.1.1
Database specific
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "32"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "12.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "14.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "16.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "18.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "19.10"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "20.04"
}
]
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-3810.json"