6.8

CVE-2012-0060

RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an invalid region tag in a package header to the (1) headerLoad, (2) rpmReadSignature, or (3) headerVerify function.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RpmRpm Version <= 4.9.1.2
RpmRpm Version1.2
RpmRpm Version1.3
RpmRpm Version1.3.1
RpmRpm Version1.4
RpmRpm Version1.4.1
RpmRpm Version1.4.2
RpmRpm Version1.4.3
RpmRpm Version1.4.4
RpmRpm Version1.4.5
RpmRpm Version1.4.6
RpmRpm Version1.4.7
RpmRpm Version2.0
RpmRpm Version2.0.1
RpmRpm Version2.0.2
RpmRpm Version2.0.3
RpmRpm Version2.0.4
RpmRpm Version2.0.5
RpmRpm Version2.0.6
RpmRpm Version2.0.7
RpmRpm Version2.0.8
RpmRpm Version2.0.9
RpmRpm Version2.0.10
RpmRpm Version2.0.11
RpmRpm Version2.1
RpmRpm Version2.1.1
RpmRpm Version2.1.2
RpmRpm Version2.2
RpmRpm Version2.2.1
RpmRpm Version2.2.2
RpmRpm Version2.2.3
RpmRpm Version2.2.3.10
RpmRpm Version2.2.3.11
RpmRpm Version2.2.4
RpmRpm Version2.2.5
RpmRpm Version2.2.6
RpmRpm Version2.2.7
RpmRpm Version2.2.8
RpmRpm Version2.2.9
RpmRpm Version2.2.10
RpmRpm Version2.2.11
RpmRpm Version2.3
RpmRpm Version2.3.1
RpmRpm Version2.3.2
RpmRpm Version2.3.3
RpmRpm Version2.3.4
RpmRpm Version2.3.5
RpmRpm Version2.3.6
RpmRpm Version2.3.7
RpmRpm Version2.3.8
RpmRpm Version2.3.9
RpmRpm Version2.4.1
RpmRpm Version2.4.2
RpmRpm Version2.4.3
RpmRpm Version2.4.4
RpmRpm Version2.4.5
RpmRpm Version2.4.6
RpmRpm Version2.4.8
RpmRpm Version2.4.9
RpmRpm Version2.4.11
RpmRpm Version2.4.12
RpmRpm Version2.5
RpmRpm Version2.5.1
RpmRpm Version2.5.2
RpmRpm Version2.5.3
RpmRpm Version2.5.4
RpmRpm Version2.5.5
RpmRpm Version2.5.6
RpmRpm Version2.6.7
RpmRpm Version3.0
RpmRpm Version3.0.1
RpmRpm Version3.0.2
RpmRpm Version3.0.3
RpmRpm Version3.0.4
RpmRpm Version3.0.5
RpmRpm Version3.0.6
RpmRpm Version4.0.
RpmRpm Version4.0.1
RpmRpm Version4.0.2
RpmRpm Version4.0.3
RpmRpm Version4.0.4
RpmRpm Version4.1
RpmRpm Version4.3.3
RpmRpm Version4.4.2.1
RpmRpm Version4.4.2.2
RpmRpm Version4.4.2.3
RpmRpm Version4.5.90
RpmRpm Version4.6.0
RpmRpm Version4.6.0 Updaterc1
RpmRpm Version4.6.0 Updaterc2
RpmRpm Version4.6.0 Updaterc3
RpmRpm Version4.6.0 Updaterc4
RpmRpm Version4.6.1
RpmRpm Version4.7.0
RpmRpm Version4.7.1
RpmRpm Version4.7.2
RpmRpm Version4.8.0
RpmRpm Version4.8.1
RpmRpm Version4.9.0
RpmRpm Version4.9.0 Updatealpha
RpmRpm Version4.9.0 Updatebeta1
RpmRpm Version4.9.0 Updaterc1
RpmRpm Version4.9.1
RpmRpm Version4.9.1.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.78% 0.908
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://rhn.redhat.com/errata/RHSA-2012-0531.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.ubuntu.com/usn/USN-1695-1
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html
http://rhn.redhat.com/errata/RHSA-2012-0451.html
http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=e4eab2bc6d07cfd33f740071de7ddbb2fe2f4190
http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=f23998251992b8ae25faf5113c42fee2c49c7f29
http://rpm.org/wiki/Releases/4.9.1.3
http://secunia.com/advisories/48651
Vendor Advisory
http://secunia.com/advisories/48716
Vendor Advisory
http://secunia.com/advisories/49110
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2012:056
http://www.osvdb.org/81010
http://www.securityfocus.com/bid/52865
http://www.securitytracker.com/id?1026882
https://bugzilla.redhat.com/show_bug.cgi?id=744858
https://exchange.xforce.ibmcloud.com/vulnerabilities/74582
https://hermes.opensuse.org/messages/14440932
https://hermes.opensuse.org/messages/14441362