7.6 High
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
0.091 Low
EPSS
Percentile
94.6%
Race condition in RPM 4.11.1 and earlier allows remote attackers to execute
arbitrary code via a crafted RPM file whose installation extracts the
contents to temporary files before validating the signature, as
demonstrated by installing a file in the /etc/cron.d directory.