It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.
Improper Verification of Cryptographic Signature
-
| Package | Type | OS Name | OS Version | Affected Ranges | Fix Versions |
|---|---|---|---|---|---|
| debian/apt | deb | debian | 12 | >=2.6.1 | Not yet available |
| debian/apt | deb | debian | 10 | >=1.8.2.3 | Not yet available |
| debian/apt | deb | debian | 11 | >=2.2.4 | Not yet available |
| debian/apt | deb | debian | 13 | >=2.9.3 | Not yet available |
| debian/apt | deb | debian | unstable | >=2.9.3 | Not yet available |
Severity and metrics
No CVSS data available from this source.
2.2
2.2
-
-