Описание
The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 4.9.1.3-2 |
| hardy | ignored | end of life |
| lucid | released | 4.7.2-1lubuntu0.1 |
| maverick | ignored | end of life |
| natty | ignored | end of life |
| oneiric | released | 4.9.0-7ubuntu0.1 |
| precise | released | 4.9.1.1-1ubuntu0.1 |
| quantal | not-affected | 4.9.1.3-2 |
| upstream | released | 4.9.1.3 |
Показывать по
6.8 Medium
CVSS2
Связанные уязвимости
The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison.
The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison.
The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 al ...
The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison.
6.8 Medium
CVSS2