CVE-2020-27351
python-apt - security update
2.8
LOW
CVSS 3.1
EPSS 0.06%
Description
Various memory and file descriptor leaks were found in apt-python files python/arfile.cc, python/tag.cc, python/tarfile.cc, aka GHSL-2020-170. This issue affects: python-apt 1.1.0~beta1 versions prior to 1.1.0~beta1ubuntu0.16.04.10; 1.6.5ubuntu0 versions prior to 1.6.5ubuntu0.4; 2.0.0ubuntu0 versions prior to 2.0.0ubuntu0.20.04.2; 2.1.3ubuntu1 versions prior to 2.1.3ubuntu1.1;
How to fix CVE-2020-27351
To remediate CVE-2020-27351, upgrade the affected package to a fixed version below.
- —upgrade to 2.1.7 or later
- —upgrade to 1.4.2 or later
- —upgrade to 1.8.4.2 or later
Is CVE-2020-27351 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 2.1.7
- from 0, < 1.4.2
- from 0, < 1.8.4.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | LOW2.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L |