CVE-2020-27351

Summary

Various memory and file descriptor leaks were found in apt-python files python/arfile.cc, python/tag.cc, python/tarfile.cc, aka GHSL-2020-170. This issue affects: python-apt 1.1.0beta1 versions prior to 1.1.0beta1ubuntu0.16.04.10; 1.6.5ubuntu0 versions prior to 1.6.5ubuntu0.4; 2.0.0ubuntu0 versions prior to 2.0.0ubuntu0.20.04.2; 2.1.3ubuntu1 versions prior to 2.1.3ubuntu1.1;

Affected Software

VendorProductVersion RangeStatus
Canonicalpython-apt1.1.0~beta1 < 1.1.0~beta1ubuntu0.16.04.10affected
Canonicalpython-apt1.6.5ubuntu0 < 1.6.5ubuntu0.4affected
Canonicalpython-apt2.0.0ubuntu0 < 2.0.0ubuntu0.20.04.2affected
Canonicalpython-apt2.1.3ubuntu1 < 2.1.3ubuntu1.1affected

Weaknesses

  • CWE-772: CWE-772 Missing Release of Resource after Effective Lifetime

ADP Enrichment

CVE Program Container

Additional References

References