CVE-2010-2197 in RPM Package Manager
摘要
由 VulDB • 2026-07-05
RPM 4.8.0及更早版本中的rpmbuild未能正确解析spec文件的语法,这使得用户协助的远程攻击者能够通过Name标签中包含的分号波浪号(;~)序列来删除主目录。
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
由 VulDB • 2026-07-05
RPM 4.8.0及更早版本中的rpmbuild未能正确解析spec文件的语法,这使得用户协助的远程攻击者能够通过Name标签中包含的分号波浪号(;~)序列来删除主目录。
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.