Vulnerability Database

289,784

Total vulnerabilities in the database

CVE-2011-3378

RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and offsets that are not properly handled when a package is queried or installed, related to (1) the regionSwab function, (2) the headerLoad function, and (3) multiple functions in rpmio/rpmpgp.c.

  • Published: Dec 24, 2011
  • Updated: Apr 13, 2023
  • CVE: CVE-2011-3378
  • Severity: High
  • Exploit:

CVSS v2:

  • Severity: High
  • Score: 9.3
  • AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

Software From Fixed in
rpm / rpm 4.4.2.1 4.4.2.1.x
rpm / rpm 4.8.0 4.8.0.x
rpm / rpm 4.4.2 4.4.2.x
rpm / rpm 4.6.0 4.6.0.x
rpm / rpm 4.4.2.2 4.4.2.2.x
rpm / rpm 4.7.2 4.7.2.x
rpm / rpm 4.7.0 4.7.0.x
rpm / rpm 4.4.2.3 4.4.2.3.x
rpm / rpm 4.6.1 4.6.1.x
rpm / rpm 4.7.1 4.7.1.x
rpm / rpm - 4.9.1.1.x
rpm / rpm 4.4.2. 4.4.2..x