Lucene search

[email protected]NVD:CVE-2012-0815

HistoryJun 04, 2012 - 8:55 p.m.

CVE-2012-0815

2012-06-0420:55:01

CWE-189

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

9.3

Confidence

High

EPSS

0.058

Percentile

93.4%

JSON

The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison.

Affected configurations

Nvd

Node

rpmrpmRange≤4.9.1.2

rpmrpmMatch1.2

rpmrpmMatch1.3

rpmrpmMatch1.3.1

rpmrpmMatch1.4

rpmrpmMatch1.4.1

rpmrpmMatch1.4.2

rpmrpmMatch1.4.2\/a

rpmrpmMatch1.4.3

rpmrpmMatch1.4.4

rpmrpmMatch1.4.5

rpmrpmMatch1.4.6

rpmrpmMatch1.4.7

rpmrpmMatch2.0

rpmrpmMatch2.0.1

rpmrpmMatch2.0.2

rpmrpmMatch2.0.3

rpmrpmMatch2.0.4

rpmrpmMatch2.0.5

rpmrpmMatch2.0.6

rpmrpmMatch2.0.7

rpmrpmMatch2.0.8

rpmrpmMatch2.0.9

rpmrpmMatch2.0.10

rpmrpmMatch2.0.11

rpmrpmMatch2.1

rpmrpmMatch2.1.1

rpmrpmMatch2.1.2

rpmrpmMatch2.2

rpmrpmMatch2.2.1

rpmrpmMatch2.2.2

rpmrpmMatch2.2.3

rpmrpmMatch2.2.3.10

rpmrpmMatch2.2.3.11

rpmrpmMatch2.2.4

rpmrpmMatch2.2.5

rpmrpmMatch2.2.6

rpmrpmMatch2.2.7

rpmrpmMatch2.2.8

rpmrpmMatch2.2.9

rpmrpmMatch2.2.10

rpmrpmMatch2.2.11

rpmrpmMatch2.3

rpmrpmMatch2.3.1

rpmrpmMatch2.3.2

rpmrpmMatch2.3.3

rpmrpmMatch2.3.4

rpmrpmMatch2.3.5

rpmrpmMatch2.3.6

rpmrpmMatch2.3.7

rpmrpmMatch2.3.8

rpmrpmMatch2.3.9

rpmrpmMatch2.4.1

rpmrpmMatch2.4.2

rpmrpmMatch2.4.3

rpmrpmMatch2.4.4

rpmrpmMatch2.4.5

rpmrpmMatch2.4.6

rpmrpmMatch2.4.8

rpmrpmMatch2.4.9

rpmrpmMatch2.4.11

rpmrpmMatch2.4.12

rpmrpmMatch2.5

rpmrpmMatch2.5.1

rpmrpmMatch2.5.2

rpmrpmMatch2.5.3

rpmrpmMatch2.5.4

rpmrpmMatch2.5.5

rpmrpmMatch2.5.6

rpmrpmMatch2.6.7

rpmrpmMatch3.0

rpmrpmMatch3.0.1

rpmrpmMatch3.0.2

rpmrpmMatch3.0.3

rpmrpmMatch3.0.4

rpmrpmMatch3.0.5

rpmrpmMatch3.0.6

rpmrpmMatch4.0.

rpmrpmMatch4.0.1

rpmrpmMatch4.0.2

rpmrpmMatch4.0.3

rpmrpmMatch4.0.4

rpmrpmMatch4.1

rpmrpmMatch4.3.3

rpmrpmMatch4.4.2.1

rpmrpmMatch4.4.2.2

rpmrpmMatch4.4.2.3

rpmrpmMatch4.5.90

rpmrpmMatch4.6.0

rpmrpmMatch4.6.0rc1

rpmrpmMatch4.6.0rc2

rpmrpmMatch4.6.0rc3

rpmrpmMatch4.6.0rc4

rpmrpmMatch4.6.1

rpmrpmMatch4.7.0

rpmrpmMatch4.7.1

rpmrpmMatch4.7.2

rpmrpmMatch4.8.0

rpmrpmMatch4.8.1

rpmrpmMatch4.9.0

rpmrpmMatch4.9.0alpha

rpmrpmMatch4.9.0beta1

rpmrpmMatch4.9.0rc1

rpmrpmMatch4.9.1

rpmrpmMatch4.9.1.1

VendorProductVersionCPE
rpmrpm*cpe:2.3:a:rpm:rpm:*:*:*:*:*:*:*:*
rpmrpm1.2cpe:2.3:a:rpm:rpm:1.2:*:*:*:*:*:*:*
rpmrpm1.3cpe:2.3:a:rpm:rpm:1.3:*:*:*:*:*:*:*
rpmrpm1.3.1cpe:2.3:a:rpm:rpm:1.3.1:*:*:*:*:*:*:*
rpmrpm1.4cpe:2.3:a:rpm:rpm:1.4:*:*:*:*:*:*:*
rpmrpm1.4.1cpe:2.3:a:rpm:rpm:1.4.1:*:*:*:*:*:*:*
rpmrpm1.4.2cpe:2.3:a:rpm:rpm:1.4.2:*:*:*:*:*:*:*
rpmrpm1.4.2/acpe:2.3:a:rpm:rpm:1.4.2\/a:*:*:*:*:*:*:*
rpmrpm1.4.3cpe:2.3:a:rpm:rpm:1.4.3:*:*:*:*:*:*:*
rpmrpm1.4.4cpe:2.3:a:rpm:rpm:1.4.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
rpm	rpm	*	cpe:2.3:a:rpm:rpm::::::::
rpm	rpm	1.2	cpe:2.3:a:rpm:rpm:1.2:::::::*
rpm	rpm	1.3	cpe:2.3:a:rpm:rpm:1.3:::::::*
rpm	rpm	1.3.1	cpe:2.3:a:rpm:rpm:1.3.1:::::::*
rpm	rpm	1.4	cpe:2.3:a:rpm:rpm:1.4:::::::*
rpm	rpm	1.4.1	cpe:2.3:a:rpm:rpm:1.4.1:::::::*
rpm	rpm	1.4.2	cpe:2.3:a:rpm:rpm:1.4.2:::::::*
rpm	rpm	1.4.2/a	cpe:2.3:a:rpm:rpm:1.4.2\/a:::::::*
rpm	rpm	1.4.3	cpe:2.3:a:rpm:rpm:1.4.3:::::::*
rpm	rpm	1.4.4	cpe:2.3:a:rpm:rpm:1.4.4:::::::*