CVE-2011-3374

ADVISORY - debian

Summary

It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.

apt (unimportant; bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480) Not exploitable in Debian, since no keyring URI is defined

EPSS Score⁠: 0.0155 (0.805)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-347⁠

Improper Verification of Cryptographic Signature

Impacted images

Advisories

Debian

CREATED

5 years ago

UPDATED

11 days ago

ADVISORY IDCVE-2011-3374⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Package	Type	OS Name	OS Version	Affected Ranges	Fix Versions
debian/apt	deb	debian	12	>=2.6.1	Not yet available
debian/apt	deb	debian	11	>=2.2.4	Not yet available
debian/apt	deb	debian	13	>=3.0.1	Not yet available
debian/apt	deb	debian	unstable	>=3.0.1	Not yet available

Severity and metrics

No CVSS data available from this advisory.

NIST

CREATED

5 years ago

UPDATED

6 months ago

ADVISORY IDCVE-2011-3374⁠

EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-347⁠

CVSS SCORE

3.7low

Ubuntu

CREATED

5 years ago

UPDATED

2 months ago

ADVISORY IDCVE-2011-3374⁠

EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

3.7critical

intheWild

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY IDCVE-2011-3374⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY