CVE-2019-18182

Published: 24/02/2020 Updated: 07/11/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

pacman prior to 5.2 is vulnerable to arbitrary command injection in conf.c in the download_with_xfercommand() function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must enable a non-default XferCommand and retrieve an attacker-controlled crafted database and package.

Vulnerable Product

pacman project pacman

fedoraproject fedora 30

fedoraproject fedora 31

fedoraproject fedora 32

Vendor Advisories

pacman before 5.2 is vulnerable to arbitrary command injection in src/pacman/conf.c in the download_with_xfercommand() function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must enable a non-default XferCommand and retrieve an attacker-controlled crafted database and package ...