Description
Integer overflow in RPM 4.12 and earlier allows remote attackers to execute arbitrary code via a crafted CPIO header in the payload section of an RPM file, which triggers a stack-based buffer overflow.
Report
This issue does not affect the version of rpm package as shipped with Red Hat Enterprise Linux 5 and 6.
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 4 | rpm | Not affected | ||
Red Hat Enterprise Linux 5 | rpm | Not affected | ||
Red Hat Enterprise Linux 6 | rpm | Not affected | ||
Red Hat Enterprise Linux Extended Update Support 5.6 | rpm | Not affected | ||
Red Hat Enterprise Linux Extended Update Support 5.9 | rpm | Not affected | ||
Red Hat Enterprise Linux Extended Update Support 6.2 | rpm | Not affected | ||
Red Hat Enterprise Linux Extended Update Support 6.4 | rpm | Not affected | ||
Red Hat Enterprise Linux Extended Update Support 6.5 | rpm | Not affected | ||
Red Hat Enterprise Linux 7 | rpm | Fixed | RHSA-2014:1976 | 09.12.2014 |
Additional information
Status:
EPSS
7.6 High
CVSS2