6.8

CVE-2012-0815

The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RpmRpm Version <= 4.9.1.2
RpmRpm Version1.2
RpmRpm Version1.3
RpmRpm Version1.3.1
RpmRpm Version1.4
RpmRpm Version1.4.1
RpmRpm Version1.4.2
RpmRpm Version1.4.3
RpmRpm Version1.4.4
RpmRpm Version1.4.5
RpmRpm Version1.4.6
RpmRpm Version1.4.7
RpmRpm Version2.0
RpmRpm Version2.0.1
RpmRpm Version2.0.2
RpmRpm Version2.0.3
RpmRpm Version2.0.4
RpmRpm Version2.0.5
RpmRpm Version2.0.6
RpmRpm Version2.0.7
RpmRpm Version2.0.8
RpmRpm Version2.0.9
RpmRpm Version2.0.10
RpmRpm Version2.0.11
RpmRpm Version2.1
RpmRpm Version2.1.1
RpmRpm Version2.1.2
RpmRpm Version2.2
RpmRpm Version2.2.1
RpmRpm Version2.2.2
RpmRpm Version2.2.3
RpmRpm Version2.2.3.10
RpmRpm Version2.2.3.11
RpmRpm Version2.2.4
RpmRpm Version2.2.5
RpmRpm Version2.2.6
RpmRpm Version2.2.7
RpmRpm Version2.2.8
RpmRpm Version2.2.9
RpmRpm Version2.2.10
RpmRpm Version2.2.11
RpmRpm Version2.3
RpmRpm Version2.3.1
RpmRpm Version2.3.2
RpmRpm Version2.3.3
RpmRpm Version2.3.4
RpmRpm Version2.3.5
RpmRpm Version2.3.6
RpmRpm Version2.3.7
RpmRpm Version2.3.8
RpmRpm Version2.3.9
RpmRpm Version2.4.1
RpmRpm Version2.4.2
RpmRpm Version2.4.3
RpmRpm Version2.4.4
RpmRpm Version2.4.5
RpmRpm Version2.4.6
RpmRpm Version2.4.8
RpmRpm Version2.4.9
RpmRpm Version2.4.11
RpmRpm Version2.4.12
RpmRpm Version2.5
RpmRpm Version2.5.1
RpmRpm Version2.5.2
RpmRpm Version2.5.3
RpmRpm Version2.5.4
RpmRpm Version2.5.5
RpmRpm Version2.5.6
RpmRpm Version2.6.7
RpmRpm Version3.0
RpmRpm Version3.0.1
RpmRpm Version3.0.2
RpmRpm Version3.0.3
RpmRpm Version3.0.4
RpmRpm Version3.0.5
RpmRpm Version3.0.6
RpmRpm Version4.0.
RpmRpm Version4.0.1
RpmRpm Version4.0.2
RpmRpm Version4.0.3
RpmRpm Version4.0.4
RpmRpm Version4.1
RpmRpm Version4.3.3
RpmRpm Version4.4.2.1
RpmRpm Version4.4.2.2
RpmRpm Version4.4.2.3
RpmRpm Version4.5.90
RpmRpm Version4.6.0
RpmRpm Version4.6.0 Updaterc1
RpmRpm Version4.6.0 Updaterc2
RpmRpm Version4.6.0 Updaterc3
RpmRpm Version4.6.0 Updaterc4
RpmRpm Version4.6.1
RpmRpm Version4.7.0
RpmRpm Version4.7.1
RpmRpm Version4.7.2
RpmRpm Version4.8.0
RpmRpm Version4.8.1
RpmRpm Version4.9.0
RpmRpm Version4.9.0 Updatealpha
RpmRpm Version4.9.0 Updatebeta1
RpmRpm Version4.9.0 Updaterc1
RpmRpm Version4.9.1
RpmRpm Version4.9.1.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.28% 0.898
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://rhn.redhat.com/errata/RHSA-2012-0531.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.ubuntu.com/usn/USN-1695-1
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html
http://rhn.redhat.com/errata/RHSA-2012-0451.html
http://rpm.org/wiki/Releases/4.9.1.3
Patch
http://secunia.com/advisories/48651
Vendor Advisory
http://secunia.com/advisories/48716
Vendor Advisory
http://secunia.com/advisories/49110
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2012:056
http://www.securityfocus.com/bid/52865
http://www.securitytracker.com/id?1026882
https://hermes.opensuse.org/messages/14440932
https://hermes.opensuse.org/messages/14441362
http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=472e569562d4c90d7a298080e0052856aa7fa86b
http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=858a328cd0f7d4bcd8500c78faaf00e4f8033df6
http://www.osvdb.org/81009
https://bugzilla.redhat.com/show_bug.cgi?id=744104
https://exchange.xforce.ibmcloud.com/vulnerabilities/74581