← volver
CVE-2012-0815

CVE-2012-0815

EPSS 4.3%
The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.htmlhttp://rhn.redhat.com/errata/RHSA-2012-0451.htmlhttp://rhn.redhat.com/errata/RHSA-2012-0531.htmlhttp://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=472e569562d4c90d7a298080e0052856aa7fa86bhttp://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=858a328cd0f7d4bcd8500c78faaf00e4f8033df6http://rpm.org/wiki/Releases/4.9.1.3https://bugzilla.redhat.com/show_bug.cgi?id=744104http://secunia.com/advisories/48651http://secunia.com/advisories/48716http://secunia.com/advisories/49110