2 matches found
Amazon Linux AMI : rpm (ALAS-2014-458)
It was found that RPM could encounter an integer overflow, leading to a stack-based overflow, while parsing a crafted CPIO header in the payload section of an RPM file. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during...
PT-2014-8414 · Rpm +5 · Rpm +5
Name of the Vulnerable Software and Affected Versions: RPM versions 4.12 and earlier Description: The issue is caused by an integer overflow in RPM, allowing remote attackers to execute arbitrary code via a crafted CPIO header in the payload section of an RPM file. This triggers a stack-based...