RPM Denial of Service and Arbitrary Code Execution Vulnerability

RPM Denial of Service and Arbitrary Code Execution Vulnerability

CVE-2012-0060 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an invalid region tag in a package header to the (1) headerLoad, (2) rpmReadSignature, or (3) headerVerify function.

Learn more about our Web Application Penetration Testing UK.