CVE-2012-0061

Name of the Vulnerable Software and Affected Versions RPM versions prior to 4.9.1.3

Description The issue concerns multiple vulnerabilities in the RPM package of Gentoo Linux. These vulnerabilities can be exploited remotely, potentially leading to breaches of confidentiality, integrity, and availability of protected information. Specifically, the headerLoad function in lib/header.c does not properly validate region tags, allowing user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large region size in a package header.

Recommendations For versions prior to 4.9.1.3, update to version 4.9.1.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the headerLoad function in lib/header.c until a patch is available. Avoid using large region sizes in package headers to minimize the risk of exploitation.