CVSS: 9.8EPSS: 6%CPEs: 105EXPL: 0CVE-2012-0061 – rpm: improper validation of header contents total size in headerLoad()
https://notcve.org/view.php?id=CVE-2012-0061
04 Jun 2012 — The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not properly validate region tags, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large region size in a package header. La función headerLoad de lib/header.c de RPM anteriores a 4.9.1.3 no validan apropiadamente las etiquetas "region", lo que permite a atacantes remotos asistidos por el usuario provocar una denegación de servicio (caída) y posiblemente ejecutar códi... • http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 7%CPEs: 105EXPL: 0CVE-2012-0815 – rpm: incorrect handling of negated offsets in headerVerifyInfo()
https://notcve.org/view.php?id=CVE-2012-0815
04 Jun 2012 — The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison. La función headerVerifyInfo de lib/header.c de RPM anteriores a 4.9.1.3 permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de un valor negativo en un ele... • http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 10%CPEs: 12EXPL: 1CVE-2011-3378 – rpm: crashes and overflows on malformed header
https://notcve.org/view.php?id=CVE-2011-3378
24 Dec 2011 — RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and offsets that are not properly handled when a package is queried or installed, related to (1) the regionSwab function, (2) the headerLoad function, and (3) multiple functions in rpmio/rpmpgp.c. RPM v4.4.x hasta v4.9.x, probablemente antes de v4.9.1.2, permite a atacantes remotos provocar una denegación de ser... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •