FKIE_CVE-2012-0815

Vulnerability from fkie_nvd - Published: 2012-06-04 20:55 - Updated: 2026-04-29 01:13
Severity ?
Summary
The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison.
References
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2012-0451.html
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2012-0531.html
secalert@redhat.comhttp://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=472e569562d4c90d7a298080e0052856aa7fa86b
secalert@redhat.comhttp://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=858a328cd0f7d4bcd8500c78faaf00e4f8033df6
secalert@redhat.comhttp://rpm.org/wiki/Releases/4.9.1.3Patch
secalert@redhat.comhttp://secunia.com/advisories/48651Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/48716Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/49110Vendor Advisory
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2012:056
secalert@redhat.comhttp://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
secalert@redhat.comhttp://www.osvdb.org/81009
secalert@redhat.comhttp://www.securityfocus.com/bid/52865
secalert@redhat.comhttp://www.securitytracker.com/id?1026882
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-1695-1
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=744104
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/74581
secalert@redhat.comhttps://hermes.opensuse.org/messages/14440932
secalert@redhat.comhttps://hermes.opensuse.org/messages/14441362
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2012-0451.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2012-0531.html
af854a3a-2127-422b-91ae-364da2661108http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=472e569562d4c90d7a298080e0052856aa7fa86b
af854a3a-2127-422b-91ae-364da2661108http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=858a328cd0f7d4bcd8500c78faaf00e4f8033df6
af854a3a-2127-422b-91ae-364da2661108http://rpm.org/wiki/Releases/4.9.1.3Patch
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/48651Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/48716Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/49110Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2012:056
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/81009
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/52865
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1026882
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1695-1
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=744104
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/74581
af854a3a-2127-422b-91ae-364da2661108https://hermes.opensuse.org/messages/14440932
af854a3a-2127-422b-91ae-364da2661108https://hermes.opensuse.org/messages/14441362
Impacted products
Vendor Product Version
rpm rpm *
rpm rpm 1.2
rpm rpm 1.3
rpm rpm 1.3.1
rpm rpm 1.4
rpm rpm 1.4.1
rpm rpm 1.4.2
rpm rpm 1.4.2\/a
rpm rpm 1.4.3
rpm rpm 1.4.4
rpm rpm 1.4.5
rpm rpm 1.4.6
rpm rpm 1.4.7
rpm rpm 2.0
rpm rpm 2.0.1
rpm rpm 2.0.2
rpm rpm 2.0.3
rpm rpm 2.0.4
rpm rpm 2.0.5
rpm rpm 2.0.6
rpm rpm 2.0.7
rpm rpm 2.0.8
rpm rpm 2.0.9
rpm rpm 2.0.10
rpm rpm 2.0.11
rpm rpm 2.1
rpm rpm 2.1.1
rpm rpm 2.1.2
rpm rpm 2.2
rpm rpm 2.2.1
rpm rpm 2.2.2
rpm rpm 2.2.3
rpm rpm 2.2.3.10
rpm rpm 2.2.3.11
rpm rpm 2.2.4
rpm rpm 2.2.5
rpm rpm 2.2.6
rpm rpm 2.2.7
rpm rpm 2.2.8
rpm rpm 2.2.9
rpm rpm 2.2.10
rpm rpm 2.2.11
rpm rpm 2.3
rpm rpm 2.3.1
rpm rpm 2.3.2
rpm rpm 2.3.3
rpm rpm 2.3.4
rpm rpm 2.3.5
rpm rpm 2.3.6
rpm rpm 2.3.7
rpm rpm 2.3.8
rpm rpm 2.3.9
rpm rpm 2.4.1
rpm rpm 2.4.2
rpm rpm 2.4.3
rpm rpm 2.4.4
rpm rpm 2.4.5
rpm rpm 2.4.6
rpm rpm 2.4.8
rpm rpm 2.4.9
rpm rpm 2.4.11
rpm rpm 2.4.12
rpm rpm 2.5
rpm rpm 2.5.1
rpm rpm 2.5.2
rpm rpm 2.5.3
rpm rpm 2.5.4
rpm rpm 2.5.5
rpm rpm 2.5.6
rpm rpm 2.6.7
rpm rpm 3.0
rpm rpm 3.0.1
rpm rpm 3.0.2
rpm rpm 3.0.3
rpm rpm 3.0.4
rpm rpm 3.0.5
rpm rpm 3.0.6
rpm rpm 4.0.
rpm rpm 4.0.1
rpm rpm 4.0.2
rpm rpm 4.0.3
rpm rpm 4.0.4
rpm rpm 4.1
rpm rpm 4.3.3
rpm rpm 4.4.2.1
rpm rpm 4.4.2.2
rpm rpm 4.4.2.3
rpm rpm 4.5.90
rpm rpm 4.6.0
rpm rpm 4.6.0
rpm rpm 4.6.0
rpm rpm 4.6.0
rpm rpm 4.6.0
rpm rpm 4.6.1
rpm rpm 4.7.0
rpm rpm 4.7.1
rpm rpm 4.7.2
rpm rpm 4.8.0
rpm rpm 4.8.1
rpm rpm 4.9.0
rpm rpm 4.9.0
rpm rpm 4.9.0
rpm rpm 4.9.0
rpm rpm 4.9.1
rpm rpm 4.9.1.1
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rpm:rpm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EB1B63A-0D09-429B-AEAA-AA0F33E0954A",
              "versionEndIncluding": "4.9.1.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "76112E07-F476-41E5-9FF8-E85C28019BD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E064D1B0-093D-4C62-89A0-481D261F9AE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D05B2BC3-41EB-4839-B3DC-AF8B567D0318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "55B95097-EEA2-42A1-AA30-4AC519E67B1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "985E051C-677E-4DCD-9181-F5F33342FE8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "267ACF41-E8E2-4F9E-983A-E526DACFCE82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.2\\/a:*:*:*:*:*:*:*",
              "matchCriteriaId": "6429C42B-EBD6-4D93-AABB-AD268ADB72AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1372FF29-498C-41CB-AB2E-25CEC92866AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EFE8428-E00F-4E5F-8787-F63FEE93E617",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE4E9CC7-1BD8-490B-9C9B-E4A76EFAD13D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFAB0B1A-A9E5-4808-85EC-0BD2A3F753AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3D1E892-05D5-4C79-AD12-7B7C0421E509",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CA6696D-D6CC-4C23-AB8F-91474BFC341E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B16D91A5-35F5-44F3-A515-8E4F27B563D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "08974D05-C00C-438C-A76F-E17C191D0CE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "81771BF8-0788-44B5-8694-AFF436FDECD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "93BF53E9-CC37-4E31-9F34-2B569947887F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2D79478-665E-4D18-AAA6-BA51C41A4C74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A59FF59-BD73-4C13-AC51-98126ED46573",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "99C83F0D-159B-4CFB-92C6-83D36225080A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B7A4BC0-43DF-4542-A54F-BF8B07F30B12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B926B035-659A-4F86-B680-CD1A6163F2D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A98BC57C-69AD-40F6-885B-3A560F69809F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "71499D02-8989-4AA0-80FB-28860F103EB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B424D987-8421-4FE5-B9F7-0D4AB7AC921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F58F12D-301C-4C4D-8F78-0B6A7B220B0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A30CF4-508D-407B-A097-30331AF9D452",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E49FB5B-5BFA-4736-8F2C-C07188D0BC00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "883AE5CC-379E-41A7-A8B5-12671015F131",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B8D8FEA-89A2-4133-89D7-FD403D605E4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBDA2319-4C36-44A5-A1F2-E0F1EFC1DE23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E11322F8-93B7-457C-8993-B0A8D3274468",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADD35E28-313C-4CF7-AEC0-1C91316FF5B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B591779-643B-4E2E-9270-40748EDA1BA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB3C91C9-CFDC-4C51-B6AF-51F1560161A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9D67C30-F0CA-410B-8C3A-EA5536BC256E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "80DB9D55-9BC2-416C-9A2A-021F4EC0E884",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B48E845-573C-4F07-8D69-F1A54CCEEDE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9642BA0F-CBBD-4FB5-8A20-BBCAD7EC31CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "45C9FE2D-197A-45EB-BE40-B746B13F2C02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "E07E462F-2163-430B-9315-75BFD00113C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F650FC0-1DF8-4432-92F5-4B4DCEFC2D39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "347BC012-5307-4B0F-A013-624ED455ABD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5ED89DCC-0EFF-4665-BDE0-406155A46BDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EEB6C44-B615-46F8-A5DC-BEF25D932314",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "979D846B-9DD9-474A-A8BE-25334D2969B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDF5DE17-2061-4896-B7DA-CFDEF46E9652",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB528B71-8BF5-4D93-A1BC-DF0502AEA58F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "0585DC0B-DFBB-466E-9D3D-86E19A4B88A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "041B087D-4FBC-4EDC-AAC0-DF8A1D39980A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE4FB33B-5015-4620-BD21-3F0C916069EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "684E9118-30B2-476C-816E-CA4B2916017B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AF46B23-559C-4DF0-8510-C79F17ABF22B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD40A202-557B-495C-BBE5-DEC9FF97EE56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F3DB711-AE17-4B3B-9D45-C38CBDF418A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF2E6A8E-4C9B-46A1-B786-6C0B3A3395F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D049089-7FBD-41A6-8A5B-8497DA24C720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "20DEBEDF-3E64-4417-BC41-7F0E20C522F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF99B53-237E-468B-8B7F-A105FE40803B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5D5F196-4BA9-43EB-BE38-EE405C8CC0FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "66C4022C-F1D4-4A58-8341-E22EAF943511",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5503DC6-40DB-4A84-984E-BDEED82F224A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "90148D48-5DA5-46F9-AE96-618C427A5DA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "733E1435-CE73-4A39-97EB-304D2F45A838",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA80DA6E-CCE3-4CAF-B2A1-E6FF2B702D3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D08FD930-F2BC-47BC-86BC-07545D1431B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "97DE028F-D0BE-435C-826D-CCBFFEBF3B31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08EB15D-1842-41F4-9F19-FF6571055242",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "43CF2BBF-83AA-451E-8E30-E040EFCF6F64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "409B29B1-E2E0-4CBD-83D0-F4CE67820F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D325D4A-166A-4174-BEA8-1C6D47A8DDBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6AEBBD1-2320-42A3-8DCA-46DF61007349",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E54C09F8-F0F5-4BDF-868F-0B6A4609B3E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "132C1B54-0438-4239-B599-8160D494EE26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5CCEAC-3D92-46DB-AC88-859ED5A5E277",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED68CE6A-2BF5-49F2-AEAE-199AAC94807B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.0.:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C589CD4-5A9E-41E1-BBFA-AF4BE2DD31E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "49E406BD-8CC3-4929-ABB2-F820F8C83823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8685704C-C43D-4315-A541-4E04B7B08B69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "39C1D452-A003-4DB1-A8CF-0F7FBB9A5811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4F8C79E-416F-4C88-B102-3BB60E969FAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F47849F-4466-4500-802C-260970D6A764",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C190DE39-ABEF-4DA1-A909-B9E98BD5A468",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "77BB52FC-E320-47CD-A180-C22371D7AFEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.4.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "01A746D6-4C15-49BD-B17C-2CA06FFA76D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.4.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8664CDC-6A09-45F0-B5CD-BE5688FDBB1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.5.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "6897D7B8-F2A3-4A18-83AF-5473E971DCDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FEBBBEE-CE1D-4F4B-B0F7-428814B791BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D0E27D80-E3C5-42A2-8794-56BA0D28EFB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.6.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F2043930-ECC5-40C6-907E-C5AF2D3EE51D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.6.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "25706042-3E57-45D2-9917-5DDD818205FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.6.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "85B0DA93-4048-4F25-8D69-76F149D411BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "055D95AA-3797-437E-88FD-764D807B5E2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7164A1F5-EE8E-46C6-8E9E-D267CF5936ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "62495EC6-B5DB-4AB2-840C-98AC4CE34990",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A87B2FBC-567D-4A1F-AA9C-5DA68C1AA4FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FCD5EE9-2D1F-4042-B53A-C5BA24265709",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BE5D6F9-304C-4A3F-AD8E-CD7F01F8AD97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "63210F22-8DC0-4B0F-BAC3-962E319D36BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.9.0:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "65B5D793-77FC-4333-888A-57A913EA5BF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.9.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "1C2A6ADF-F539-4257-AE05-7316231106C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.9.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0AF5D1C5-DDFC-4218-B3E2-0C34768DAC33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "97928439-BB18-4F36-928C-D5FB6F08AC59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.9.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B190E4B8-794A-4B6E-B3E5-83ABDD381315",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n headerVerifyInfo de lib/header.c de RPM anteriores a 4.9.1.3 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de un valor negativo en un elemento \"region offset\" de una cabecera de paquete, que no es manejado apropiadamente en una comparaci\u00f3n de rango num\u00e9rico."
    }
  ],
  "id": "CVE-2012-0815",
  "lastModified": "2026-04-29T01:13:23.040",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-06-04T20:55:01.853",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0451.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=472e569562d4c90d7a298080e0052856aa7fa86b"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=858a328cd0f7d4bcd8500c78faaf00e4f8033df6"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://rpm.org/wiki/Releases/4.9.1.3"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/48651"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/48716"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/49110"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:056"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.osvdb.org/81009"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/52865"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id?1026882"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-1695-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=744104"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74581"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://hermes.opensuse.org/messages/14440932"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://hermes.opensuse.org/messages/14441362"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0451.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=472e569562d4c90d7a298080e0052856aa7fa86b"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=858a328cd0f7d4bcd8500c78faaf00e4f8033df6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://rpm.org/wiki/Releases/4.9.1.3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/48651"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/48716"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/49110"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:056"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/81009"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/52865"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1026882"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1695-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=744104"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74581"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://hermes.opensuse.org/messages/14440932"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://hermes.opensuse.org/messages/14441362"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.