CVE-2020-15701

moderate-risk
Published 2020-08-06

An unhandled exception in check_ignored() in apport/report.py can be exploited by a local attacker to cause a denial of service. If the mtime attribute is a string value in apport-ignore.xml, it will trigger an unhandled exception, resulting in a crash. Fixed in 2.20.1-0ubuntu2.24, 2.20.9-0ubuntu7.16, 2.20.11-0ubuntu27.6.

Do I need to act?

-
0.12% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10 Medium
LOCAL / LOW complexity

Affected Products (20)

Apport
Apport
Apport
Apport
Apport
Apport
Apport
Apport
Apport
Apport
Apport
Apport
Apport
Apport
Apport
Apport
Apport
Apport
Apport
Apport

Affected Vendors

Canonical

References (8)

Exploit https://launchpad.net/bugs/1877023
Vendor Advisory https://usn.ubuntu.com/4449-1
Vendor Advisory https://usn.ubuntu.com/4449-1/
Vendor Advisory https://usn.ubuntu.com/4449-2/
Exploit https://launchpad.net/bugs/1877023
Vendor Advisory https://usn.ubuntu.com/4449-1
Vendor Advisory https://usn.ubuntu.com/4449-1/
Vendor Advisory https://usn.ubuntu.com/4449-2/
49
/ 100
moderate-risk
Severity 18/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 30/34 · Critical