Missing Release of Resource after Effective Lifetime in python-apt

Do your applications use this vulnerable package? Test your applications

Overview

Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime. Various memory and file descriptor leaks were found in apt-python files python/arfile.cc, python/tag.cc, python/tarfile.cc, aka GHSL-2020-170. This issue affects: python-apt 1.1.0~~beta1 versions prior to 1.1.0~~beta1ubuntu0.16.04.10; 1.6.5ubuntu0 versions prior to 1.6.5ubuntu0.4; 2.0.0ubuntu0 versions prior to 2.0.0ubuntu0.20.04.2; 2.1.3ubuntu1 versions prior to 2.1.3ubuntu1.1;

Remediation

Upgrade python-apt to version or higher.

References

ADVISORY
CONFIRM
DEBIAN
UBUNTU

Attack Vector

Local
Attack Complexity

Low
Privileges Required

Low
User Interaction

Required
Scope

Unchanged
Confidentiality

None
Integrity

None
Availability

Low

CVE: CVE-2020-27351
CWE: CWE-772
Snyk ID: SNYK-DEBIAN10-PYTHONAPT-1050019
Disclosed: 10 Dec, 2020
Published: 10 Dec, 2020

Missing Release of Resource after Effective Lifetime
Affecting python-apt package, versions <1.8.4.2

Overview

Remediation

References

CVSS Score

Missing Release of Resource after Effective Lifetime Affecting python-apt package, versions <1.8.4.2

Overview

Remediation

References

Missing Release of Resource after Effective Lifetime
Affecting python-apt package, versions <1.8.4.2