CVSS: 9.8EPSS: 6%CPEs: 105EXPL: 0CVE-2012-0061 – rpm: improper validation of header contents total size in headerLoad()
https://notcve.org/view.php?id=CVE-2012-0061
04 Jun 2012 — The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not properly validate region tags, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large region size in a package header. La función headerLoad de lib/header.c de RPM anteriores a 4.9.1.3 no validan apropiadamente las etiquetas "region", lo que permite a atacantes remotos asistidos por el usuario provocar una denegación de servicio (caída) y posiblemente ejecutar códi... • http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 7%CPEs: 105EXPL: 0CVE-2012-0815 – rpm: incorrect handling of negated offsets in headerVerifyInfo()
https://notcve.org/view.php?id=CVE-2012-0815
04 Jun 2012 — The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison. La función headerVerifyInfo de lib/header.c de RPM anteriores a 4.9.1.3 permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de un valor negativo en un ele... • http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-189: Numeric Errors •