U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:rpm:rpm:4.9.0:rc1:*:*:*:*:*:*
There are 5 matching records.
Displaying matches 1 through 5.
Vuln ID Summary CVSS Severity
CVE-2014-8118

Integer overflow in RPM 4.12 and earlier allows remote attackers to execute arbitrary code via a crafted CPIO header in the payload section of an RPM file, which triggers a stack-based buffer overflow.

Published: December 16, 2014; 1:59:06 PM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2013-6435

Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory.

Published: December 16, 2014; 1:59:00 PM -0500
V3.x:(not available)
V2.0: 7.6 HIGH
CVE-2012-0815

The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison.

Published: June 04, 2012; 4:55:01 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2012-0061

The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not properly validate region tags, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large region size in a package header.

Published: June 04, 2012; 4:55:01 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2012-0060

RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an invalid region tag in a package header to the (1) headerLoad, (2) rpmReadSignature, or (3) headerVerify function.

Published: June 04, 2012; 4:55:01 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM