cvedb.io
CVE-2018-0501
MEDIUM · CVSS 5.9
EPSS exploitation probability: 0%
Published 2018-08-21T00:29:00.227 · Last modified 2026-06-17T01:31:00.483

Summary

The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, aka mirrorfail.

Affected products

canonical — ubuntu_linux

Does this affect you?

Add your gear to cvedb and we'll alert you only when canonical ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.