CVE-2019-3462

Summary

Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine.

Affected Software

VendorProductVersion RangeStatus
Debian GNU/Linuxapt as used in Debian Stretch and Ubuntu1.4.8 and earlieraffected

Weaknesses

  • Remote code execution in apt

ADP Enrichment

CVE Program Container

Additional References

References