6.8

CVE-2012-0060

RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an invalid region tag in a package header to the (1) headerLoad, (2) rpmReadSignature, or (3) headerVerify function.

Data is provided by the National Vulnerability Database (NVD)
RpmRpm Version <= 4.9.1.2
RpmRpm Version1.2
RpmRpm Version1.3
RpmRpm Version1.3.1
RpmRpm Version1.4
RpmRpm Version1.4.1
RpmRpm Version1.4.2
RpmRpm Version1.4.3
RpmRpm Version1.4.4
RpmRpm Version1.4.5
RpmRpm Version1.4.6
RpmRpm Version1.4.7
RpmRpm Version2.0
RpmRpm Version2.0.1
RpmRpm Version2.0.2
RpmRpm Version2.0.3
RpmRpm Version2.0.4
RpmRpm Version2.0.5
RpmRpm Version2.0.6
RpmRpm Version2.0.7
RpmRpm Version2.0.8
RpmRpm Version2.0.9
RpmRpm Version2.0.10
RpmRpm Version2.0.11
RpmRpm Version2.1
RpmRpm Version2.1.1
RpmRpm Version2.1.2
RpmRpm Version2.2
RpmRpm Version2.2.1
RpmRpm Version2.2.2
RpmRpm Version2.2.3
RpmRpm Version2.2.3.10
RpmRpm Version2.2.3.11
RpmRpm Version2.2.4
RpmRpm Version2.2.5
RpmRpm Version2.2.6
RpmRpm Version2.2.7
RpmRpm Version2.2.8
RpmRpm Version2.2.9
RpmRpm Version2.2.10
RpmRpm Version2.2.11
RpmRpm Version2.3
RpmRpm Version2.3.1
RpmRpm Version2.3.2
RpmRpm Version2.3.3
RpmRpm Version2.3.4
RpmRpm Version2.3.5
RpmRpm Version2.3.6
RpmRpm Version2.3.7
RpmRpm Version2.3.8
RpmRpm Version2.3.9
RpmRpm Version2.4.1
RpmRpm Version2.4.2
RpmRpm Version2.4.3
RpmRpm Version2.4.4
RpmRpm Version2.4.5
RpmRpm Version2.4.6
RpmRpm Version2.4.8
RpmRpm Version2.4.9
RpmRpm Version2.4.11
RpmRpm Version2.4.12
RpmRpm Version2.5
RpmRpm Version2.5.1
RpmRpm Version2.5.2
RpmRpm Version2.5.3
RpmRpm Version2.5.4
RpmRpm Version2.5.5
RpmRpm Version2.5.6
RpmRpm Version2.6.7
RpmRpm Version3.0
RpmRpm Version3.0.1
RpmRpm Version3.0.2
RpmRpm Version3.0.3
RpmRpm Version3.0.4
RpmRpm Version3.0.5
RpmRpm Version3.0.6
RpmRpm Version4.0.
RpmRpm Version4.0.1
RpmRpm Version4.0.2
RpmRpm Version4.0.3
RpmRpm Version4.0.4
RpmRpm Version4.1
RpmRpm Version4.3.3
RpmRpm Version4.4.2.1
RpmRpm Version4.4.2.2
RpmRpm Version4.4.2.3
RpmRpm Version4.5.90
RpmRpm Version4.6.0
RpmRpm Version4.6.0 Updaterc1
RpmRpm Version4.6.0 Updaterc2
RpmRpm Version4.6.0 Updaterc3
RpmRpm Version4.6.0 Updaterc4
RpmRpm Version4.6.1
RpmRpm Version4.7.0
RpmRpm Version4.7.1
RpmRpm Version4.7.2
RpmRpm Version4.8.0
RpmRpm Version4.8.1
RpmRpm Version4.9.0
RpmRpm Version4.9.0 Updatealpha
RpmRpm Version4.9.0 Updatebeta1
RpmRpm Version4.9.0 Updaterc1
RpmRpm Version4.9.1
RpmRpm Version4.9.1.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 4.88% 0.892
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.