Description
A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability.
Statement
In order to exploit this flaw with rpm tooling as shipped in Red Hat Enterprise Linux, an attacker would need to already have root access to modify the rpm database.
Mitigation
If using the headerCheck() and headerImport() APIs in your software, do not run them on headers from untrusted sources.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | rpm | Out of support scope | | |
| Red Hat Enterprise Linux 7 | rpm | Out of support scope | | |
| Red Hat Enterprise Linux 9 | rpm | Not affected | | |
| Red Hat Enterprise Linux 8 | rpm | Fixed | RHSA-2021:4489 | 09.11.2021 |
Additional information
Status:
3.1 Low
CVSS3