exploitDog

CVE-2011-3378

Published: 27 Sept. 2011
Source: redhat
CVSS2: 7.6

Description

RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and offsets that are not properly handled when a package is queried or installed, related to (1) the regionSwab function, (2) the headerLoad function, and (3) multiple functions in rpmio/rpmpgp.c.

Affected packages

| Platform | Package | Status | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux Extended Update Support 5.3 | rpm | Affected | | |
| Red Hat Enterprise Linux Extended Update Support 5.6 | rpm | Affected | | |
| Red Hat Enterprise Linux 3 Extended Lifecycle Support | rpm | Fixed | RHSA-2011:1349 | 03.10.2011 |
| Red Hat Enterprise Linux 4 | rpm | Fixed | RHSA-2011:1349 | 03.10.2011 |
| Red Hat Enterprise Linux 5 | rpm | Fixed | RHSA-2011:1349 | 03.10.2011 |
| Red Hat Enterprise Linux 5.3 Long Life | rpm | Fixed | RHSA-2011:1349 | 03.10.2011 |
| Red Hat Enterprise Linux 6 | rpm | Fixed | RHSA-2011:1349 | 03.10.2011 |
| Red Hat Enterprise Linux 6.0 EUS - Server Only | rpm | Fixed | RHSA-2011:1349 | 03.10.2011 |

Additional information

Status: Important
Defect: CWE-228->CWE-119
https://bugzilla.redhat.com/show_bug.cgi?id=741606 - rpm: crashes and overflows on malformed header

7.6 High

CVSS2

Related vulnerabilities

ubuntu
more than 13 years ago

RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and offsets that are not properly handled when a package is queried or installed, related to (1) the regionSwab function, (2) the headerLoad function, and (3) multiple functions in rpmio/rpmpgp.c.

nvd
more than 13 years ago

RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and offsets that are not properly handled when a package is queried or installed, related to (1) the regionSwab function, (2) the headerLoad function, and (3) multiple functions in rpmio/rpmpgp.c.

debian
more than 13 years ago

RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attack ...

github
about 3 years ago

RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and offsets that are not properly handled when a package is queried or installed, related to (1) the regionSwab function, (2) the headerLoad function, and (3) multiple functions in rpmio/rpmpgp.c.

oracle-oval
more than 13 years ago

ELSA-2011-1349: rpm security update (IMPORTANT)