5 matches found

CVE
added 2014/12/16 6:59 p.m., 147 views

CVE-2013-6435

Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory.

CVSS 7.6 | AI score 7.6 | EPSS 0.06749

CVE
added 2014/12/16 6:59 p.m., 87 views

CVE-2014-8118

Integer overflow in RPM 4.12 and earlier allows remote attackers to execute arbitrary code via a crafted CPIO header in the payload section of an RPM file, which triggers a stack-based buffer overflow.

CVSS 10 | AI score 7.8 | EPSS 0.11803

CVE
added 2012/06/04 8:55 p.m., 82 views

CVE-2012-0815

The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison.

CVSS 6.8 | AI score 8.6 | EPSS 0.06991

CVE
added 2012/06/04 8:55 p.m., 70 views

CVE-2012-0061

The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not properly validate region tags, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large region size in a package header.

CVSS 6.8 | AI score 8.6 | EPSS 0.06568

CVE
added 2012/06/04 8:55 p.m., 65 views

CVE-2012-0060

RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an invalid region tag in a package header to the (1) headerLoad, (2) rpmReadSignature, or (3) headerVerify function.

CVSS 6.8 | AI score 8.7 | EPSS 0.06486