CVSS: 4.9EPSS: 0%CPEs: 3EXPL: 0CVE-2021-20266 – rpm: missing length checks in hdrblobInit()
https://notcve.org/view.php?id=CVE-2021-20266
A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability. Se detectó un fallo en RPM en la función hdrblobInit() en el archivo lib/header.c. Este fallo permite a un atacante que puede modificar el rpmdb causar una lectura fuera de límites. • https://bugzilla.redhat.com/show_bug.cgi?id=1927741 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC https://security.gentoo.org/glsa/202107-43 https://access.redhat.com/security/cve/CVE-2021-20266 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7501
https://notcve.org/view.php?id=CVE-2017-7501
It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation. Se ha descubierto que las versiones de rpm anteriores a la 4.13.0.2 emplean archivos temporales con nombres predecibles al instalar un RPM. Un atacante que pueda escribir en un directorio en el que se instalarán archivos podría crear enlaces simbólicos en una localización arbitraria y modificar contenido y, probablemente, permisos en archivos arbitrarios. Esto podría emplearse para provocar una denegación de servicio o un posible escalado de privilegios. • https://github.com/rpm-software-management/rpm/commit/404ef011c300207cdb1e531670384564aae04bdc https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E https://security.gentoo.org/glsa/201811-22 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 10.0EPSS: 36%CPEs: 109EXPL: 0CVE-2014-8118 – rpm: integer overflow and stack overflow in CPIO header parsing
https://notcve.org/view.php?id=CVE-2014-8118
Integer overflow in RPM 4.12 and earlier allows remote attackers to execute arbitrary code via a crafted CPIO header in the payload section of an RPM file, which triggers a stack-based buffer overflow. Desbordamiento de enteros en RPM 4.12 y anteriores permite a atacantes remotos ejecutar código arbitrario a través de una cabecera CPIO manipulada en la sección 'payload' de un ficheros RPM, lo que provoca un desbordamiento de buffer basado en pila. • http://advisories.mageia.org/MGASA-2014-0529.html http://rhn.redhat.com/errata/RHSA-2014-1976.html http://www.debian.org/security/2015/dsa-3129 http://www.mandriva.com/security/advisories?name=MDVSA-2014:251 http://www.mandriva.com/security/advisories?name=MDVSA-2015:056 https://security.gentoo.org/glsa/201811-22 https://access.redhat.com/security/cve/CVE-2014-8118 https://bugzilla.redhat.com/show_bug.cgi?id=1168715 • CWE-121: Stack-based Buffer Overflow CWE-189: Numeric Errors •
CVSS: 7.6EPSS: 9%CPEs: 110EXPL: 0CVE-2013-6435 – rpm: race condition during the installation process
https://notcve.org/view.php?id=CVE-2013-6435
Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory. Condición de carrera en RPM 4.11.1 y anteriores permite a atacantes remotos ejecutar código arbitrario a través de un fichero RPM manipulado cuyo instalación extrae los contenidos de ficheros temporales antes de validar la firma, tal y como fue demostrado mediante la instalación de un fichero en el directorio /etc/cron.d. It was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely. Under certain conditions, the system interprets the unverified temporary file contents and extracts commands from it. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation. • http://advisories.mageia.org/MGASA-2014-0529.html http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://rhn.redhat.com/errata/RHSA-2014-1974.html http://rhn.redhat.com/errata/RHSA-2014-1975.html http://rhn.redhat.com/errata/RHSA-2014-1976.html http://www.debian.org/security/2015/dsa-3129 http://www.mandriva.com/security/advisories?name=MDVSA-2014:251 http://www.mandriva.com/security/advisories?name=MDVSA-2015:056 http://www.oracle.com/technetwork/topics/ • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.6EPSS: 5%CPEs: 105EXPL: 0CVE-2012-0815 – rpm: incorrect handling of negated offsets in headerVerifyInfo()
https://notcve.org/view.php?id=CVE-2012-0815
The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison. La función headerVerifyInfo de lib/header.c de RPM anteriores a 4.9.1.3 permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de un valor negativo en un elemento "region offset" de una cabecera de paquete, que no es manejado apropiadamente en una comparación de rango numérico. • http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html http://rhn.redhat.com/errata/RHSA-2012-0451.html http://rhn.redhat.com/errata/RHSA-2012-0531.html http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=472e569562d4c90d7a298080e0052856aa7fa86b http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=858a328cd0f7d4bcd8500c78faaf00e4f8033df6 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-189: Numeric Errors •