PT-2012-1127 · Red Hat+3 · Rpm+4

Ramon De C Valle

Published

2012-04-03

Updated

2021-08-23

CVE-2012-0815

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions RPM versions prior to 4.9.1.3

Description The issue allows remote attackers to cause a denial of service and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison. This can lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation of this issue can be done remotely.

Recommendations For versions prior to 4.9.1.3, update to version 4.9.1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the headerVerifyInfo function in lib/header.c until a patch is available.

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264CWE-189

Related Identifiers

ALT-PU-2016-2427

ALT-PU-2021-2518

ALT-PU-2021-2600

BDU:2015-09653

CESA-2012_0451

CVE-2012-0815

DLA-140-1

RHSA-2012:0451

RHSA-2012_0451

Affected Products

Alt Linux

Centos

Rpm

Red Hat

Suse

PT-2012-1127 · Red Hat+3 · Rpm+4

CVE-2012-0815

Weakness Enumeration

Related Identifiers

Affected Products

References · 87