CVE-2014-0488
EPSS 0.20%
Description
APT before 1.0.9 does not "invalidate repository data" when moving from an unauthenticated to authenticated state, which allows remote attackers to have unspecified impact via crafted repository data.
How to fix CVE-2014-0488
To remediate CVE-2014-0488, upgrade the affected package to a fixed version below.
- Debian/apt—upgrade to 1.0.9 or later
Is CVE-2014-0488 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.0.9