Back to search
CVE-2012-0815
Published: Jun 4, 2012
Modified: Aug 6, 2024
PUBLISHED
Description
The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
RHSA-2012:0531
vendor-advisory
x_refsource_REDHAT
MDVSA-2012:056
vendor-advisory
x_refsource_MANDRIVA
1026882
vdb-entry
x_refsource_SECTRACK
https://bugzilla.redhat.com/show_bug.cgi?id=744104
x_refsource_MISC
http://rpm.org/wiki/Releases/4.9.1.3
x_refsource_CONFIRM
48716
third-party-advisory
x_refsource_SECUNIA
48651
third-party-advisory
x_refsource_SECUNIA
RHSA-2012:0451
vendor-advisory
x_refsource_REDHAT
FEDORA-2012-5421
vendor-advisory
x_refsource_FEDORA
52865
vdb-entry
x_refsource_BID
rpm-headerverifyinfo-code-execution(74581)
vdb-entry
x_refsource_XF
USN-1695-1
vendor-advisory
x_refsource_UBUNTU
openSUSE-SU-2012:0588
vendor-advisory
x_refsource_SUSE
49110
third-party-advisory
x_refsource_SECUNIA
FEDORA-2012-5420
vendor-advisory
x_refsource_FEDORA
FEDORA-2012-5298
vendor-advisory
x_refsource_FEDORA
openSUSE-SU-2012:0589
vendor-advisory
x_refsource_SUSE
81009
vdb-entry
x_refsource_OSVDB
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now