CVE-2020-27351— Various memory and file descriptor leaks in apt-python
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2020-27351
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Various memory and file descriptor leaks in apt-python
Source: NVD (National Vulnerability Database)
Vulnerability Description
Various memory and file descriptor leaks were found in apt-python files python/arfile.cc, python/tag.cc, python/tarfile.cc, aka GHSL-2020-170. This issue affects: python-apt 1.1.0~beta1 versions prior to 1.1.0~beta1ubuntu0.16.04.10; 1.6.5ubuntu0 versions prior to 1.6.5ubuntu0.4; 2.0.0ubuntu0 versions prior to 2.0.0ubuntu0.20.04.2; 2.1.3ubuntu1 versions prior to 2.1.3ubuntu1.1;
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
对已超过有效生命周期的资源丧失索引
Source: NVD (National Vulnerability Database)
Vulnerability Title
Python-apt 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Python-apt是Python-apt团队的一个可支持Apt软件包管理工具的Pypi代码库。 python-apt 存在安全漏洞,该漏洞源于python-apt错误地处理了资源。一种本地攻击者可能会使用此问题来导致python-apt消耗资源,导致拒绝服务。以下产品及版本受到影响:python-apt 1.1.0~beta1 versions prior to 1.1.0~beta1ubuntu0.16.04.10; 1.6.5ubuntu0 versions prior to 1.6.5ubuntu
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Canonical | python-apt | 1.1.0~beta1 ~ 1.1.0~beta1ubuntu0.16.04.10 | - |
II. Public POCs for CVE-2020-27351
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2020-27351
请登录查看更多情报信息。
- https://bugs.launchpad.net/bugs/1899193x_refsource_MISC
- https://usn.ubuntu.com/usn/usn-4668-1x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2020-27351
IV. Related Vulnerabilities
Same vendor: Canonical
- CVE-2026-6970
authd Denial of Service and Local Privilege Escalation - CVE-2026-6369
Exposed Session Token in canonical-livepatch client snap - CVE-2026-5412
Juju CloudSpec API could leak senstive information - CVE-2026-5774
Juju API Server Denial of Service and Authentication Replay - CVE-2025-14551
Senstive information disclosure was affecting subiquity
Same weakness: CWE-772
- CVE-2026-3104
Memory leak in code preparing DNSSEC proofs of non-existence - CVE-2026-2261
blocklistd(8) socket leak - CVE-2026-20082
Cisco Secure Firewall Adaptive Security Appliance 安全漏洞 - CVE-2026-2359
Multer vulnerable to Denial of Service via resource exhausti - CVE-2025-14969
Hibernate-reactive-core: hibernate reactive: denial of servi
V. Comments for CVE-2020-27351
No comments yet