The rpmpkgRead function in lib/package.c in RPM 4.10.x prior to 4.10.2 does not return an error code in certain situations involving an "unparseable signature," which allows remote malicious users to bypass RPM signature checks via a crafted package.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
rpm rpm 4.10.0 |
||
rpm rpm 4.10.1 |
Vulmon