{"id":"CVE-2020-3810","details":"Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files.","modified":"2026-04-10T04:25:59.917123Z","published":"2020-05-15T14:15:11.887Z","references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U4PEH357MZM2SUGKETMEHMSGQS652QHH/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-security-announce/2020/msg00089.html"},{"type":"ADVISORY","url":"https://tracker.debian.org/news/1144109/accepted-apt-212-source-into-unstable/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4359-1/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4359-2/"},{"type":"REPORT","url":"https://bugs.launchpad.net/bugs/1878177"},{"type":"FIX","url":"https://salsa.debian.org/apt-team/apt/-/commit/dceb1e49e4b8e4dadaf056be34088b415939cda6"},{"type":"EVIDENCE","url":"https://github.com/Debian/apt/issues/111"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/Debian/apt","events":[{"introduced":"0"},{"fixed":"fb6366c55faff93bd7c897d2f299d38c4acf5e89"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.1.2"}]}}],"versions":["0.7.21","0.7.22","0.7.22.1","0.7.23","0.7.23.1","0.7.24","0.7.25","0.7.25.1","0.7.25.3","0.8.0","0.8.1","0.8.10","0.8.10.1","0.8.10.2","0.8.10.3","0.8.11","0.8.11.1","0.8.11.2","0.8.11.3","0.8.11.4","0.8.11.5","0.8.12","0.8.13","0.8.13.1","0.8.13.2","0.8.14","0.8.14.1","0.8.2","0.8.3","0.8.4","0.8.5","0.8.6","0.8.7","0.8.8","0.8.9","0.9.0","1.1","1.1.1","1.1.10","1.1.2","1.1.3","1.1.4","1.1.5","1.1.6","1.1.7","1.1.8","1.1.9","1.1.exp1","1.1.exp10","1.1.exp11","1.1.exp12","1.1.exp13","1.1.exp2","1.1.exp4","1.1.exp5","1.1.exp6","1.1.exp7","1.1.exp8","1.1.exp9","1.1_exp14","1.1_exp15","1.1_exp16","1.2","1.2.1","1.2.10","1.2.11","1.2.2","1.2.3","1.2.4","1.2.5","1.2.6","1.2.7","1.2.8","1.2.9","1.2_exp1","1.3","1.3.1","1.3_exp1","1.3_exp2","1.3_exp3","1.3_pre1","1.3_pre2","1.3_pre3","1.3_rc1","1.3_rc2","1.3_rc3","1.3_rc4","1.4","1.4.1","1.4.2","1.4.3","1.4.4","1.4.5","1.4.6","1.4_beta1","1.4_beta2","1.4_beta3","1.4_beta4","1.4_rc1","1.4_rc2","1.5","1.5_alpha1","1.5_alpha2","1.5_alpha3","1.5_alpha4","1.5_beta1","1.5_beta2","1.5_rc1","1.5_rc2","1.5_rc3","1.5_rc4","1.6_alpha1","1.6_alpha2","1.6_alpha3","1.6_alpha4","1.6_alpha5","1.6_alpha6","1.6_alpha7","1.6_beta1","1.6_rc1","1.7.0","1.7.0_alpha0","1.7.0_alpha1","1.7.0_alpha2","1.7.0_alpha3","1.7.0_rc1","1.7.0_rc2","1.8.0_alpha1","1.8.0_alpha2","1.8.0_alpha3","1.8.0_beta1","1.8.0_rc1","1.8.0_rc2","1.9.0","1.9.1","1.9.10","1.9.11","1.9.12","1.9.2","1.9.3","1.9.4","1.9.5","1.9.6","1.9.7","1.9.8","1.9.9","2.0.0","2.0.1","2.0.2","2.1.0","2.1.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-3810.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"32"}]},{"events":[{"introduced":"0"},{"last_affected":"12.04"}]},{"events":[{"introduced":"0"},{"last_affected":"14.04"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"0"},{"last_affected":"19.10"}]},{"events":[{"introduced":"0"},{"last_affected":"20.04"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}