CVE-2014-0490

The apt-get download command in APT before 1.0.9 does not properly validate signatures for packages, which allows remote attackers to execute arbitrary code via a crafted package.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:debian:advanced_package_tool:*:*:*:*:*:*:*:*
cpe:2.3:a:debian:advanced_package_tool:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:debian:advanced_package_tool:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:debian:advanced_package_tool:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:debian:advanced_package_tool:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:debian:advanced_package_tool:1.0.7:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2014-11-03 22:55

Updated : 2024-02-04 18:35


NVD link : CVE-2014-0490

Mitre link : CVE-2014-0490

CVE.ORG link : CVE-2014-0490


JSON object : View

Products Affected

debian

  • advanced_package_tool

linux

  • linux_kernel
CWE
CWE-20

Improper Input Validation