{"id":"CVE-2018-0501","details":"The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, aka mirrorfail.","modified":"2026-03-14T14:31:03.960834Z","published":"2018-08-21T00:29:00.227Z","references":[{"type":"ADVISORY","url":"https://usn.ubuntu.com/3746-1/"},{"type":"ADVISORY","url":"https://mirror.fail"},{"type":"FIX","url":"https://salsa.debian.org/apt-team/apt/commit/29658a3a74af49e2a24e17bdebb20e1612aac3ec"},{"type":"FIX","url":"https://salsa.debian.org/apt-team/apt/commit/aebd4278bacc728ab00ebe31556983e140f60e47"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"1.6.0"},{"fixed":"1.6.4"}]},{"events":[{"introduced":"0"},{"last_affected":"1.7.0-alpha"}]},{"events":[{"introduced":"0"},{"last_affected":"1.7.0-alpha1"}]},{"events":[{"introduced":"0"},{"last_affected":"1.7.0-alpha2"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-0501.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}