CVE-2013-6435

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions RPM versions 4.11.1 and earlier popt version 1.10.2.3

Description A race condition issue allows remote attackers to execute arbitrary code via a crafted file, potentially leading to a breach of confidentiality, integrity, and availability of protected information. The issue can be exploited remotely.

Recommendations For RPM versions 4.11.1 and earlier, update to a version later than 4.11.1 to resolve the issue. For popt version 1.10.2.3, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74

Related Identifiers

ALT-PU-2016-2427

ALT-PU-2021-2518

ALT-PU-2021-2600

BDU:2015-07494

CESA-2014_1974

CESA-2014_1976

CVE-2013-6435

DLA-140-1

DSA-3129-1

MGASA-2014-0529

RHSA-2014:1974

RHSA-2014:1975

RHSA-2014:1976

RHSA-2014_1974

RHSA-2014_1976

SUSE-SU-2014_1697-1

SUSE-SU-2015_0107-1

USN-2479-1

Affected Products

Alt Linux

Centos

Rpm

Red Hat

Suse

Ubuntu

Popt

CVE-2013-6435

Weakness Enumeration

Related Identifiers

Affected Products

References · 108