Description
The rpmpkgRead function in lib/package.c in RPM 4.10.x before 4.10.2 does not return an error code in certain situations involving an "unparseable signature," which allows remote attackers to bypass RPM signature checks via a crafted package.
A flaw was found in rpm. The rpmpkgRead function in lib/package.c in the RPM package does not return an error code in certain situations involving an "unparseable signature." This flaw allows remote attackers to bypass RPM signature checks via a crafted package.
Statement
Not vulnerable. This issue did not affect the versions of rpm as shipped with Red Hat Enterprise Linux 5 and 6 as they did not include the upstream commit e8bc3ff5d780f4ee6656c24464402723e5fb04f4 that introduced this issue.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | rpm | Not affected | | |
| Red Hat Enterprise Linux 7 | rpm | Not affected | | |
| Red Hat Enterprise Linux 8 | rpm | Not affected | | |
| Red Hat Enterprise Linux 9 | rpm | Not affected | | |
Additional information
CVSS3: 6.2 Medium