CVE-2014-0489

APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote attackers to execute arbitrary code via a crafted package.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:debian:advanced_package_tool:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:debian:advanced_package_tool:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:debian:advanced_package_tool:1.0.7:*:*:*:*:*:*:*

History

No history.

Information

Published : 2014-11-03 22:55

Updated : 2024-02-04 18:35


NVD link : CVE-2014-0489

Mitre link : CVE-2014-0489

CVE.ORG link : CVE-2014-0489


JSON object : View

Products Affected

debian

  • advanced_package_tool
CWE
CWE-20

Improper Input Validation