CVE-2016-1252
Description
The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection mechanism by leveraging improper error handling when validating InRelease file signatures.
Risk Information
Base Score
5.9
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
5.955
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Advanced front-end for dpkg (USN-3156-1) apt_1.0.1ubuntu2.17_i386.deb | Linux |
| Advanced front-end for dpkg (USN-3156-1) apt_1.0.1ubuntu2.17_amd64.deb | Linux |
| Advanced front-end for dpkg (USN-3156-1) apt_1.2.15ubuntu0.2_i386.deb | Linux |
| Advanced front-end for dpkg (USN-3156-1) apt_1.2.15ubuntu0.2_amd64.deb | Linux |
| apt security update(DSA-3733-1) apt_1.0.9.8.4_kfreebsd-i386.deb | Linux |
| apt security update(DSA-3733-1) apt_1.0.9.8.4_kfreebsd-amd64.deb | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234