Lucene search

K

Veracode Vulnerability DatabaseVERACODE:24973

HistoryApr 10, 2020 - 1:10 a.m.

Arbitrary Code Execution

2020-04-1001:10:31

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

18

EPSS

0.058

Percentile

93.4%

rpm is vulnerable to arbitrary code execution. An attacker could create a specially-crafted RPM package that, when its package header was accessed, or during package signature verification, could cause an application using the RPM library (such as the rpm command line tool, or the yum and up2date package managers) to crash or, potentially, execute arbitrary code.

References

lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html

lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html

lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html

rhn.redhat.com/errata/RHSA-2012-0451.html

rhn.redhat.com/errata/RHSA-2012-0531.html

rpm.org/gitweb?p=rpm.git;a=commitdiff;h=472e569562d4c90d7a298080e0052856aa7fa86b

rpm.org/gitweb?p=rpm.git;a=commitdiff;h=858a328cd0f7d4bcd8500c78faaf00e4f8033df6

rpm.org/wiki/Releases/4.9.1.3

secunia.com/advisories/48651

secunia.com/advisories/48716

secunia.com/advisories/49110

www.mandriva.com/security/advisories?name=MDVSA-2012:056

www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

www.osvdb.org/81009

www.securityfocus.com/bid/52865

www.securitytracker.com/id?1026882

www.ubuntu.com/usn/USN-1695-1

access.redhat.com/errata/RHSA-2012:0451

access.redhat.com/security/updates/classification/#important

bugzilla.redhat.com/show_bug.cgi?id=744104

exchange.xforce.ibmcloud.com/vulnerabilities/74581

hermes.opensuse.org/messages/14440932

hermes.opensuse.org/messages/14441362

EPSS

0.058

Percentile

93.4%

Related for VERACODE:24973

cve2 ubuntucve1 debiancve1 cvelist1 prion1 nvd2 nessus23 centos1 openvas25 oraclelinux1 fedora3 amazon1 redhat2 ubuntu1 debian1 osv1 gentoo1 vmware2