CVE-2011-3378 (retired)

Priority
Description
RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers
to cause a denial of service (memory corruption) and possibly execute
arbitrary code via an rpm package with crafted headers and offsets that are
not properly handled when a package is queried or installed, related to (1)
the regionSwab function, (2) the headerLoad function, and (3) multiple
functions in rpmio/rpmpgp.c.
Notes
 jdstrand> limited attack vector
Assigned-to
mdeslaur
More Information

Updated: 2019-03-26 11:58:24 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)