CVE-2011-3378

Published: 24/12/2011 Updated: 13/02/2023
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

RPM 4.4.x up to and including 4.9.x, probably prior to 4.9.1.2, allows remote malicious users to cause a denial of service (memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and offsets that are not properly handled when a package is queried or installed, related to (1) the regionSwab function, (2) the headerLoad function, and (3) multiple functions in rpmio/rpmpgp.c.

Vulnerable Products

rpm rpm 4.4.2.1
rpm rpm 4.8.0
rpm rpm 4.4.2
rpm rpm 4.6.0
rpm rpm 4.4.2.2
rpm rpm 4.7.2
rpm rpm 4.7.0
rpm rpm 4.4.2.3
rpm rpm 4.6.1
rpm rpm 4.7.1
rpm rpm
rpm rpm 4.4.2.

Vendor Advisories

Debian Bug report logs - #645325 CVE-2011-3378: Malformed Header parsing. Package: rpm; Maintainer for rpm is RPM packaging team <team+pkg-rpm@tracker.debian.org>; Source for rpm is src:rpm (PTS, buildd, popcon). Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de>. Date: Fri, 14 Oct 2011 12:57:01 UTC. Severity: ...
RPM could be made to crash or run programs if it opened a specially crafted package file ...
Multiple flaws were found in the way the RPM library parsed package headers. An attacker could create a specially-crafted RPM package that, when queried or installed, would cause rpm to crash or, potentially, execute arbitrary code (CVE-2011-3378) ...