CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 1CVE-2019-18182
https://notcve.org/view.php?id=CVE-2019-18182
pacman before 5.2 is vulnerable to arbitrary command injection in conf.c in the download_with_xfercommand() function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must enable a non-default XferCommand and retrieve an attacker-controlled crafted database and package. pacman versiones anteriores a 5.2, es vulnerable a una inyección de comandos arbitraria en el archivo conf.c en la función download_with_xfercommand(). Esto puede ser explotado cuando son usadas las bases de datos sin firma. Para explotar la vulnerabilidad, el usuario debe habilitar un XferCommand no predeterminado y recuperar una base de datos y un paquete diseñados y controlados por el atacante. • https://git.archlinux.org/pacman.git/commit/?id=808a4f15ce82d2ed7eeb06de73d0f313620558ee https://git.archlinux.org/pacman.git/tree/src/pacman/conf.c?h=v5.1.3#n263 https://github.com/alpinelinux/alpine-secdb/blob/master/v3.11/community.yaml https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2TTUXXUW5OCOASIRMJK4RHEPLEA33Y6C https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K53C45EDWBU3UCN3IRIGR5EZUNWXS7BW https://lists.fedoraproject.org/archives&#x • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 1CVE-2019-18183
https://notcve.org/view.php?id=CVE-2019-18183
pacman before 5.2 is vulnerable to arbitrary command injection in lib/libalpm/sync.c in the apply_deltas() function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must enable the non-default delta feature and retrieve an attacker-controlled crafted database and delta file. pacman versiones anteriores a 5.2, es vulnerable a una inyección de comandos arbitraria en la biblioteca lib/libalpm/sync.c en la función apply_deltas(). Esto puede ser explotado cuando son usadas las bases de datos sin firma. Para explotar la vulnerabilidad, el usuario debe habilitar la funcionalidad delta no predeterminada y recuperar una base de datos y un archivo delta diseñado, controlados por el atacante. • https://git.archlinux.org/pacman.git/commit/?id=c0e9be7973be6c81b22fde91516fb8991e7bb07b https://git.archlinux.org/pacman.git/tree/lib/libalpm/sync.c?h=v5.1.3#n767 https://github.com/alpinelinux/alpine-secdb/blob/master/v3.11/community.yaml https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2TTUXXUW5OCOASIRMJK4RHEPLEA33Y6C https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K53C45EDWBU3UCN3IRIGR5EZUNWXS7BW https://lists.fedoraproject.org/archives&# • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-9686
https://notcve.org/view.php?id=CVE-2019-9686
pacman before 5.1.3 allows directory traversal when installing a remote package via a specified URL "pacman -U <url>" due to an unsanitized file name received from a Content-Disposition header. pacman renames the downloaded package file to match the name given in this header. However, pacman did not sanitize this name, which may contain slashes, before calling rename(). A malicious server (or a network MitM if downloading over HTTP) can send a Content-Disposition header to make pacman place the file anywhere in the filesystem, potentially leading to arbitrary root code execution. Notably, this bypasses pacman's package signature checking. This occurs in curl_download_internal in lib/libalpm/dload.c. pacman, en versiones anteriores a la 5.1.3, permite un salto de directorio a la hora de instalar un paquete remoto mediante una URL "pacman -U " especificado debido a un nombre de archivo no saneado que se recibe desde una cabecera "Content-Disposition". pacman renombra el paquete de archivo descargado para que concuerde con el nombre proporcionado en la misma cabecera. • https://git.archlinux.org/pacman.git/commit/?h=release/5.1.x&id=1bf767234363f7ad5933af3f7ce267c123017bde https://git.archlinux.org/pacman.git/commit/?id=9702703633bec2c007730006de2aeec8587dfc84 https://git.archlinux.org/pacman.git/commit/?id=d197d8ab82cf10650487518fb968067897a12775 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 3CVE-2016-5434
https://notcve.org/view.php?id=CVE-2016-5434
libalpm, as used in pacman 5.0.1, allows remote attackers to cause a denial of service (infinite loop or out-of-bounds read) via a crafted signature file. Libalpm, como se utiliza en pacman 5.0.1, permite a los atacantes remotos causar una denegación de servicio (bucle infinito o lectura fuera de límites) a través de un archivo de firma manipulado. • http://www.openwall.com/lists/oss-security/2016/06/11/4 http://www.openwall.com/lists/oss-security/2016/06/14/6 http://www.openwall.com/lists/oss-security/2020/04/21/9 https://lists.archlinux.org/pipermail/pacman-dev/2016-June/021148.html • CWE-125: Out-of-bounds Read CWE-399: Resource Management Errors •