CVE-2014-8118

Published: 16/12/2014 | Updated: 13/02/2023
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Integer overflow in RPM 4.12 and previous versions allows remote malicious users to execute arbitrary code via a crafted CPIO header in the payload section of an RPM file, which triggers a stack-based buffer overflow.

Vulnerable Product

rpm rpm 2.3.5

rpm rpm 4.4.2.1

rpm rpm 1.4.3

rpm rpm 3.0.1

rpm rpm 4.1

rpm rpm 2.2.3.11

rpm rpm 4.8.0

rpm rpm 2.4.4

rpm rpm 2.3.8

rpm rpm 2.0.6

rpm rpm 1.4.4

rpm rpm 1.4.2/a

rpm rpm 2.4.1

rpm rpm 2.4.9

rpm rpm 2.6.7

rpm rpm 1.4

rpm rpm 2.0.10

rpm rpm 2.4.5

rpm rpm 4.9.0

rpm rpm 4.0.1

rpm rpm 4.9.1.2

rpm rpm 2.2.11

rpm rpm 4.0.4

rpm rpm 2.2.1

rpm rpm 2.0.1

rpm rpm 1.4.2

rpm rpm 3.0.3

rpm rpm 2.0.7

rpm rpm 4.0.2

rpm rpm 2.2.8

rpm rpm 3.0.2

rpm rpm 4.6.0

rpm rpm

rpm rpm 1.2

rpm rpm 4.0.

rpm rpm 2.1.1

rpm rpm 4.3.3

rpm rpm 4.10.0

rpm rpm 2.5.5

rpm rpm 2.0.8

rpm rpm 4.10.1

rpm rpm 4.8.1

rpm rpm 2.3

rpm rpm 4.4.2.2

rpm rpm 2.4.8

rpm rpm 3.0.4

rpm rpm 2.5.6

rpm rpm 2.0

rpm rpm 2.0.2

rpm rpm 2.3.2

rpm rpm 2.4.3

rpm rpm 2.4.2

rpm rpm 1.4.5

rpm rpm 2.0.11

rpm rpm 3.0.5

rpm rpm 1.3

rpm rpm 4.7.2

rpm rpm 4.9.1

rpm rpm 2.2.3

rpm rpm 2.2

rpm rpm 2.1.2

rpm rpm 2.3.9

rpm rpm 2.2.4

rpm rpm 2.2.9

rpm rpm 2.5.3

rpm rpm 2.2.6

rpm rpm 4.7.0

rpm rpm 2.3.6

rpm rpm 2.5

rpm rpm 2.2.3.10

rpm rpm 4.9.1.1

rpm rpm 2.0.5

rpm rpm 1.4.1

rpm rpm 4.4.2.3

rpm rpm 4.10.2

rpm rpm 2.4.12

rpm rpm 2.5.4

rpm rpm 4.6.1

rpm rpm 1.4.7

rpm rpm 3.0

rpm rpm 1.4.6

rpm rpm 2.5.2

rpm rpm 2.4.11

rpm rpm 2.0.9

rpm rpm 2.1

rpm rpm 2.2.10

rpm rpm 2.3.3

rpm rpm 2.3.7

rpm rpm 2.3.4

rpm rpm 4.7.1

rpm rpm 2.0.4

rpm rpm 1.3.1

rpm rpm 3.0.6

rpm rpm 2.0.3

rpm rpm 2.3.1

rpm rpm 4.0.3

rpm rpm 2.4.6

rpm rpm 4.5.90

rpm rpm 2.5.1

rpm rpm 2.2.5

rpm rpm 2.2.2

rpm rpm 2.2.7

Vendor Advisories

Debian Bug report logs - #773101 CVE-2013-6435 CVE-2014-8118 Package: rpm; Maintainer for rpm is RPM packaging team <team+pkg-rpm@tracker.debian.org>; Source for rpm is src:rpm (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debian.org> Date: Sun, 14 Dec 2014 10:51:01 UTC Severity: grave Tags: patch, secu ...
Several security issues were fixed in RPM ...
It was found that RPM could encounter an integer overflow, leading to a stack-based overflow, while parsing a crafted CPIO header in the payload section of an RPM file. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation (CVE-2014-8118). It was found ...