Unrated severityNVD Advisory· Published Apr 15, 2014· Updated May 6, 2026

CVE-2012-0214

Description

The pkgAcqMetaClearSig::Failed method in apt-pkg/acquire-item.cc in Advanced Package Tool (APT) 0.8.11 through 0.8.15.10 and 0.8.16 before 0.8.16~exp13, when updating from repositories that use InRelease files, allows man-in-the-middle attackers to install arbitrary packages by preventing a user from downloading the new InRelease file, which leaves the original InRelease file active and makes it more difficult to detect that the Packages file is modified and unsigned.

Affected products

Advanced Package Tool/Advanced Package Tool6 versions
cpe:2.3:a:advanced_package_tool:advanced_package_tool:*:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:advanced_package_tool:advanced_package_tool:*:*:*:*:*:*:*:*range: <=0.8.16\~exp12
- cpe:2.3:a:advanced_package_tool:advanced_package_tool:0.8.11:*:*:*:*:*:*:*
- cpe:2.3:a:advanced_package_tool:advanced_package_tool:0.8.12:*:*:*:*:*:*:*
- cpe:2.3:a:advanced_package_tool:advanced_package_tool:0.8.13:*:*:*:*:*:*:*
- cpe:2.3:a:advanced_package_tool:advanced_package_tool:0.8.14:*:*:*:*:*:*:*
- cpe:2.3:a:advanced_package_tool:advanced_package_tool:0.8.15:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.ubuntu.com/usn/USN-1385-1nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000