CVSS2: 7.6 High (AV:N/AC:H/Au:N/C:C/I:C/A:C)

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | HIGH |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |

EPSS: 0.091 Low (Percentile: 94.6%)

Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | rpm | < 4.11.3-1.1 | rpm_4.11.3-1.1_all.deb |
Debian | 11 | all | rpm | < 4.11.3-1.1 | rpm_4.11.3-1.1_all.deb |
Debian | 10 | all | rpm | < 4.11.3-1.1 | rpm_4.11.3-1.1_all.deb |
Debian | 999 | all | rpm | < 4.11.3-1.1 | rpm_4.11.3-1.1_all.deb |
Debian | 13 | all | rpm | < 4.11.3-1.1 | rpm_4.11.3-1.1_all.deb |