CVE-2012-3587
EPSS 0.11%
Description
APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack.
How to fix CVE-2012-3587
To remediate CVE-2012-3587, upgrade the affected package to a fixed version below.
- Debian/apt—upgrade to 0.7.25 or later
Is CVE-2012-3587 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 0.7.25