Unhandled exception in apport
Description
An unhandled exception in check_ignored() in apport/report.py can be exploited by a local attacker to cause a denial of service. If the mtime attribute is a string value in apport-ignore.xml, it will trigger an unhandled exception, resulting in a crash. Fixed in 2.20.1-0ubuntu2.24, 2.20.9-0ubuntu7.16, 2.20.11-0ubuntu27.6.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A local attacker can crash Apport by crafting an apport-ignore.xml file with a string mtime value, leading to denial of service.
Vulnerability
An unhandled exception in check_ignored() in apport/report.py occurs when the mtime attribute in apport-ignore.xml is a string value instead of a number. This can be triggered by a local attacker. The issue affects Apport versions 2.20.11 and earlier [3]. The flaw is in improper exception handling of the mtime attribute [3].
Exploitation
A local attacker provides a crafted apport-ignore.xml file with a string mtime attribute (e.g., mtime="string"). When Apport processes this file, float(ignore.getAttribute('mtime')) raises a ValueError exception, which is not caught, causing the application to crash. No special privileges are required beyond local access to modify the configuration file [3].
Impact
Successful exploitation results in a denial of service: the Apport service crashes, preventing automatic crash report generation. This disrupts system functionality for crash reporting [1][2][3].
Mitigation
The fix is included in Apport versions 2.20.1-0ubuntu2.24, 2.20.9-0ubuntu7.16, and 2.20.11-0ubuntu27.6 [1][2]. Users should upgrade their apport package to the latest version. There is no known workaround; however, the vulnerability requires local access, so limiting local user trust can mitigate risk.
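The unguarded float() conversion described under Exploitation, next to a guarded version, is shown below as an added example; it is not Apport's code or the upstream patch. It also goes slightly beyond the page's case by rejecting non-finite values such as "inf". The XML layout, the mtime comparison, and all function names are assumptions made for illustration.

```python
import math
import xml.dom.minidom

# Constructed sample; the <ignore program=... mtime=...> layout is assumed.
SAMPLE = """<apport>
  <ignore program="/usr/bin/good" mtime="1594000000"/>
  <ignore program="/usr/bin/bad" mtime="string"/>
  <ignore program="/usr/bin/inf" mtime="inf"/>
  <ignore program="/usr/bin/missing"/>
</apport>"""


def load(text):
    return xml.dom.minidom.parseString(text)


def unguarded_is_ignored(dom, program, cur_mtime):
    """Unguarded pattern: float() on the raw attribute, ValueError propagates."""
    for ignore in dom.getElementsByTagName("ignore"):
        if ignore.getAttribute("program") == program:
            if float(ignore.getAttribute("mtime")) >= cur_mtime:
                return True
    return False


def parse_mtime(raw):
    """Return a finite float, or None for missing/non-numeric/non-finite input."""
    try:
        value = float(raw)
    except ValueError:
        return None
    return value if math.isfinite(value) else None


def guarded_is_ignored(dom, program, cur_mtime):
    """Skip malformed entries instead of letting one crash the whole check."""
    for ignore in dom.getElementsByTagName("ignore"):
        if ignore.getAttribute("program") != program:
            continue
        mtime = parse_mtime(ignore.getAttribute("mtime"))
        if mtime is not None and mtime >= cur_mtime:
            return True
    return False


def malformed_entries(dom):
    """List programs whose mtime would not parse, for logging or cleanup."""
    return [i.getAttribute("program") for i in dom.getElementsByTagName("ignore")
            if parse_mtime(i.getAttribute("mtime")) is None]
```
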
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: 2.20.1
References
- usn.ubuntu.com/4449-1/ (mitre, vendor-advisory, x_refsource_UBUNTU)
- usn.ubuntu.com/4449-2/ (mitre, vendor-advisory, x_refsource_UBUNTU)
- launchpad.net/bugs/1877023 (mitre, x_refsource_CONFIRM)
- usn.ubuntu.com/4449-1 (mitre, x_refsource_CONFIRM)