Back to search
CVE-2012-0060
Published: Jun 4, 2012
Modified: Aug 6, 2024
PUBLISHED
Description
RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an invalid region tag in a package header to the (1) headerLoad, (2) rpmReadSignature, or (3) headerVerify function.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
RHSA-2012:0531
vendor-advisory
x_refsource_REDHAT
MDVSA-2012:056
vendor-advisory
x_refsource_MANDRIVA
1026882
vdb-entry
x_refsource_SECTRACK
http://rpm.org/wiki/Releases/4.9.1.3
x_refsource_CONFIRM
48716
third-party-advisory
x_refsource_SECUNIA
81010
vdb-entry
x_refsource_OSVDB
https://bugzilla.redhat.com/show_bug.cgi?id=744858
x_refsource_MISC
48651
third-party-advisory
x_refsource_SECUNIA
RHSA-2012:0451
vendor-advisory
x_refsource_REDHAT
FEDORA-2012-5421
vendor-advisory
x_refsource_FEDORA
52865
vdb-entry
x_refsource_BID
USN-1695-1
vendor-advisory
x_refsource_UBUNTU
openSUSE-SU-2012:0588
vendor-advisory
x_refsource_SUSE
49110
third-party-advisory
x_refsource_SECUNIA
rpm-loadsigverify-code-execution(74582)
vdb-entry
x_refsource_XF
FEDORA-2012-5420
vendor-advisory
x_refsource_FEDORA
FEDORA-2012-5298
vendor-advisory
x_refsource_FEDORA
openSUSE-SU-2012:0589
vendor-advisory
x_refsource_SUSE
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now