CVE-2012-6088 in rpminfo

Summary

The rpmpkgRead function in lib/package.c in RPM 4.10.x before 4.10.2 does not return an error code in certain situations involving an "unparseable signature," which allows remote attackers to bypass RPM signature checks via a crafted package.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Reservation

12/06/2012

Disclosure

01/18/2013

Moderation

VulDB entry created

Entries

VDB-63369 (1)

CPE

ready

CWE

CWE-255 (Confirmed)

CVSS

5.3

EPSS

0.00528

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2012-6088
NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-6088
CVE Details	https://www.cvedetails.com/cve/CVE-2012-6088/

◂ Previous Overview Next ▸

Do you know our Splunk app?

Download it now for free!