The rpmpkgRead function in lib/package.c in RPM 4.10.x prior to 4.10.2 does not return an error code in certain situations involving an "unparseable signature," which allows remote malicious users to bypass RPM signature checks via a crafted package.
Vulnerable Product |
---|
rpm rpm 4.10.0 |
rpm rpm 4.10.1 |