CVE-2012-0060
EPSS 4.9%rpm - security update
發布日:2012/6/4修改日:2026/4/28
描述
RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an invalid region tag in a package header to the (1) headerLoad, (2) rpmReadSignature, or (3) headerVerify function.
受影響套件(2)
- Debian/rpmfrom 0, < 4.9.1.3-1
- Debian/rpmfrom 0, < 4.8.1-6+squeeze2