Medium severity 5.9 · NVD Advisory · Published Dec 5, 2017 · Updated May 13, 2026
CVE-2016-1252
Description
The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection mechanism by leveraging improper error handling when validating InRelease file signatures.
References
- bugs.chromium.org/p/project-zero/issues/detail (nvd: Exploit, Issue Tracking, Third Party Advisory)
- bugs.launchpad.net/ubuntu/+source/apt/+bug/1647467 (nvd: Exploit, Issue Tracking, Third Party Advisory)
- www.exploit-db.com/exploits/40916/ (nvd: Exploit, Issue Tracking, Third Party Advisory, VDB Entry)
- packetstormsecurity.com/files/140145/apt-Repository-Signing-Bypass.html (nvd: Issue Tracking, Third Party Advisory, VDB Entry)
- www.ubuntu.com/usn/USN-3156-1 (nvd: Third Party Advisory)
- www.debian.org/security/2016/dsa-3733 (nvd: Issue Tracking, Vendor Advisory)