Vulnerability Details CVE-2014-0489
APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote attackers to execute arbitrary code via a crafted package.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 70.9%
CVSS Severity
CVSS v2 Score 7.5
Products affected by CVE-2014-0489
-
cpe:2.3:a:debian:advanced_package_tool:1.0.3
-
cpe:2.3:a:debian:advanced_package_tool:1.0.5
-
cpe:2.3:a:debian:advanced_package_tool:1.0.7