Search for packages
Package details: pkg:deb/debian/rpm@4.10.0-5%2Bdeb7u2
purl pkg:deb/debian/rpm@4.10.0-5%2Bdeb7u2
Next non-vulnerable version 4.18.0+dfsg-1+deb12u1
Latest non-vulnerable version 4.18.0+dfsg-1+deb12u1
Risk 4.5
Vulnerabilities affecting this package (6)
Vulnerability Summary Fixed by
VCID-8tqq-98fr-aaad
Aliases:
CVE-2021-20266
A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability.
4.16.1.2+dfsg1-3
Affected by 4 other vulnerabilities.
VCID-q7k2-h4de-aaak
Aliases:
CVE-2021-20271
A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.
4.16.1.2+dfsg1-3
Affected by 4 other vulnerabilities.
VCID-syg9-n9mv-aaag
Aliases:
CVE-2021-3421
A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. This flaw affects RPM versions before 4.17.0-alpha.
4.16.1.2+dfsg1-3
Affected by 4 other vulnerabilities.
VCID-thy6-umhu-aaaf
Aliases:
CVE-2012-6088
The rpmpkgRead function in lib/package.c in RPM 4.10.x before 4.10.2 does not return an error code in certain situations involving an "unparseable signature," which allows remote attackers to bypass RPM signature checks via a crafted package.
4.11.3-1.1
Affected by 3 other vulnerabilities.
VCID-v2jk-5cb5-aaah
Aliases:
CVE-2013-6435
Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory.
4.11.3-1.1
Affected by 3 other vulnerabilities.
VCID-z7q8-uh7q-aaap
Aliases:
CVE-2014-8118
Integer overflow in RPM 4.12 and earlier allows remote attackers to execute arbitrary code via a crafted CPIO header in the payload section of an RPM file, which triggers a stack-based buffer overflow.
4.11.3-1.1
Affected by 3 other vulnerabilities.
Vulnerabilities fixed by this package (6)
Vulnerability Summary Aliases
VCID-4jnw-qbqx-aaad RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and offsets that are not properly handled when a package is queried or installed, related to (1) the regionSwab function, (2) the headerLoad function, and (3) multiple functions in rpmio/rpmpgp.c. CVE-2011-3378
VCID-jqrm-1jje-aaae RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an invalid region tag in a package header to the (1) headerLoad, (2) rpmReadSignature, or (3) headerVerify function. CVE-2012-0060
VCID-p5ja-jjqu-aaae The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison. CVE-2012-0815
VCID-v2jk-5cb5-aaah Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory. CVE-2013-6435
VCID-x6gr-a1xr-aaae The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not properly validate region tags, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large region size in a package header. CVE-2012-0061
VCID-z7q8-uh7q-aaap Integer overflow in RPM 4.12 and earlier allows remote attackers to execute arbitrary code via a crafted CPIO header in the payload section of an RPM file, which triggers a stack-based buffer overflow. CVE-2014-8118

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-21T19:07:05.218662+00:00 Debian Oval Importer Affected by VCID-syg9-n9mv-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T18:05:36.303668+00:00 Debian Oval Importer Fixing VCID-p5ja-jjqu-aaae https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T17:47:21.327937+00:00 Debian Oval Importer Fixing VCID-4jnw-qbqx-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T17:44:30.600197+00:00 Debian Oval Importer Affected by VCID-v2jk-5cb5-aaah https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T17:36:06.581108+00:00 Debian Oval Importer Affected by VCID-z7q8-uh7q-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T16:32:21.451220+00:00 Debian Oval Importer Fixing VCID-x6gr-a1xr-aaae https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T15:07:25.458253+00:00 Debian Oval Importer Fixing VCID-jqrm-1jje-aaae https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:27:58.379671+00:00 Debian Oval Importer Affected by VCID-thy6-umhu-aaaf https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T09:21:04.347365+00:00 Debian Oval Importer Fixing VCID-v2jk-5cb5-aaah https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.3
2025-06-21T09:17:54.673508+00:00 Debian Oval Importer Fixing VCID-z7q8-uh7q-aaap https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.3
2025-06-21T05:50:21.727766+00:00 Debian Oval Importer Affected by VCID-8tqq-98fr-aaad None 36.1.3
2025-06-21T03:06:40.320860+00:00 Debian Oval Importer Affected by VCID-q7k2-h4de-aaak None 36.1.3
2025-06-21T02:32:20.260903+00:00 Debian Oval Importer Affected by VCID-syg9-n9mv-aaag None 36.1.3
2025-06-21T01:13:20.519293+00:00 Debian Oval Importer Affected by VCID-z7q8-uh7q-aaap None 36.1.3
2025-06-21T00:53:43.813163+00:00 Debian Oval Importer Affected by VCID-thy6-umhu-aaaf None 36.1.3
2025-06-21T00:38:27.338413+00:00 Debian Oval Importer Fixing VCID-jqrm-1jje-aaae None 36.1.3
2025-06-20T23:59:52.655350+00:00 Debian Oval Importer Fixing VCID-x6gr-a1xr-aaae None 36.1.3
2025-06-20T23:21:40.444997+00:00 Debian Oval Importer Fixing VCID-p5ja-jjqu-aaae None 36.1.3
2025-06-20T22:46:52.843747+00:00 Debian Oval Importer Fixing VCID-4jnw-qbqx-aaad None 36.1.3
2025-06-20T19:38:47.845044+00:00 Debian Oval Importer Affected by VCID-v2jk-5cb5-aaah None 36.1.3
2025-06-20T19:29:35.577472+00:00 Debian Oval Importer Fixing VCID-v2jk-5cb5-aaah None 36.1.3
2025-06-08T11:56:02.847911+00:00 Debian Oval Importer Fixing VCID-p5ja-jjqu-aaae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T11:53:53.591246+00:00 Debian Oval Importer Affected by VCID-v2jk-5cb5-aaah https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T11:36:09.402339+00:00 Debian Oval Importer Affected by VCID-syg9-n9mv-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T10:37:13.196898+00:00 Debian Oval Importer Fixing VCID-p5ja-jjqu-aaae https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T10:20:21.796538+00:00 Debian Oval Importer Fixing VCID-4jnw-qbqx-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T10:17:36.010225+00:00 Debian Oval Importer Affected by VCID-v2jk-5cb5-aaah https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T10:10:45.069157+00:00 Debian Oval Importer Affected by VCID-z7q8-uh7q-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T09:18:08.321551+00:00 Debian Oval Importer Fixing VCID-x6gr-a1xr-aaae https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T08:00:54.660429+00:00 Debian Oval Importer Fixing VCID-jqrm-1jje-aaae https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T06:22:00.736881+00:00 Debian Oval Importer Affected by VCID-thy6-umhu-aaaf https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T03:08:55.265443+00:00 Debian Oval Importer Fixing VCID-v2jk-5cb5-aaah https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.0
2025-06-08T03:05:44.472351+00:00 Debian Oval Importer Fixing VCID-z7q8-uh7q-aaap https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.0
2025-06-07T23:28:56.011806+00:00 Debian Oval Importer Affected by VCID-8tqq-98fr-aaad None 36.1.0
2025-06-07T20:39:25.630211+00:00 Debian Oval Importer Affected by VCID-q7k2-h4de-aaak None 36.1.0
2025-06-07T19:56:26.794452+00:00 Debian Oval Importer Affected by VCID-syg9-n9mv-aaag None 36.1.0
2025-06-07T18:35:59.511712+00:00 Debian Oval Importer Affected by VCID-z7q8-uh7q-aaap None 36.1.0
2025-06-07T18:16:04.934338+00:00 Debian Oval Importer Affected by VCID-thy6-umhu-aaaf None 36.1.0
2025-06-07T18:01:02.966211+00:00 Debian Oval Importer Fixing VCID-jqrm-1jje-aaae None 36.1.0
2025-06-07T17:22:46.412520+00:00 Debian Oval Importer Fixing VCID-x6gr-a1xr-aaae None 36.1.0
2025-06-07T16:44:35.888240+00:00 Debian Oval Importer Fixing VCID-p5ja-jjqu-aaae None 36.1.0
2025-06-07T16:10:47.594530+00:00 Debian Oval Importer Fixing VCID-4jnw-qbqx-aaad None 36.1.0
2025-06-07T13:33:02.931692+00:00 Debian Oval Importer Affected by VCID-v2jk-5cb5-aaah None 36.1.0
2025-06-07T13:26:33.990540+00:00 Debian Oval Importer Fixing VCID-v2jk-5cb5-aaah None 36.1.0
2025-06-03T13:25:50.286729+00:00 Debian Oval Importer Fixing VCID-v2jk-5cb5-aaah None 36.1.2
2025-04-12T22:38:02.462753+00:00 Debian Oval Importer Fixing VCID-4jnw-qbqx-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T22:00:08.535127+00:00 Debian Oval Importer Affected by VCID-z7q8-uh7q-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T21:36:51.792854+00:00 Debian Oval Importer Fixing VCID-jqrm-1jje-aaae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T21:18:11.556799+00:00 Debian Oval Importer Affected by VCID-q7k2-h4de-aaak https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T20:14:31.315655+00:00 Debian Oval Importer Fixing VCID-x6gr-a1xr-aaae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T19:42:09.050119+00:00 Debian Oval Importer Affected by VCID-thy6-umhu-aaaf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T19:11:19.259128+00:00 Debian Oval Importer Affected by VCID-8tqq-98fr-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:41:12.739409+00:00 Debian Oval Importer Fixing VCID-p5ja-jjqu-aaae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:38:59.696211+00:00 Debian Oval Importer Affected by VCID-v2jk-5cb5-aaah https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:20:40.599270+00:00 Debian Oval Importer Affected by VCID-syg9-n9mv-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T16:18:45.360628+00:00 Debian Oval Importer Fixing VCID-p5ja-jjqu-aaae https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-12T16:01:20.997772+00:00 Debian Oval Importer Fixing VCID-4jnw-qbqx-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-12T15:58:29.498144+00:00 Debian Oval Importer Affected by VCID-v2jk-5cb5-aaah https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-12T15:51:33.319935+00:00 Debian Oval Importer Affected by VCID-z7q8-uh7q-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T07:50:15.033805+00:00 Debian Oval Importer Fixing VCID-x6gr-a1xr-aaae https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T06:33:15.245822+00:00 Debian Oval Importer Fixing VCID-jqrm-1jje-aaae https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T04:54:15.628891+00:00 Debian Oval Importer Affected by VCID-thy6-umhu-aaaf https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T01:36:12.281134+00:00 Debian Oval Importer Fixing VCID-v2jk-5cb5-aaah https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.0.0
2025-04-08T01:32:55.070839+00:00 Debian Oval Importer Fixing VCID-z7q8-uh7q-aaap https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.0.0
2025-04-07T22:00:50.550596+00:00 Debian Oval Importer Affected by VCID-8tqq-98fr-aaad None 36.0.0
2025-04-07T19:09:54.364919+00:00 Debian Oval Importer Affected by VCID-q7k2-h4de-aaak None 36.0.0
2025-04-07T18:34:18.026046+00:00 Debian Oval Importer Affected by VCID-syg9-n9mv-aaag None 36.0.0
2025-04-07T17:13:45.223762+00:00 Debian Oval Importer Affected by VCID-z7q8-uh7q-aaap None 36.0.0
2025-04-07T16:53:33.372352+00:00 Debian Oval Importer Affected by VCID-thy6-umhu-aaaf None 36.0.0
2025-04-07T16:38:01.468335+00:00 Debian Oval Importer Fixing VCID-jqrm-1jje-aaae None 36.0.0
2025-04-07T15:56:55.161779+00:00 Debian Oval Importer Fixing VCID-x6gr-a1xr-aaae None 36.0.0
2025-04-07T15:17:08.189676+00:00 Debian Oval Importer Fixing VCID-p5ja-jjqu-aaae None 36.0.0
2025-04-07T14:42:08.816872+00:00 Debian Oval Importer Fixing VCID-4jnw-qbqx-aaad None 36.0.0
2025-04-07T12:08:28.204509+00:00 Debian Oval Importer Affected by VCID-v2jk-5cb5-aaah None 36.0.0
2025-04-07T12:02:05.111342+00:00 Debian Oval Importer Fixing VCID-v2jk-5cb5-aaah None 36.0.0
2024-11-29T11:39:19.343873+00:00 Debian Oval Importer Affected by VCID-thy6-umhu-aaaf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-11-28T19:01:05.859871+00:00 Debian Oval Importer Fixing VCID-p5ja-jjqu-aaae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-11-28T17:51:43.232456+00:00 Debian Oval Importer Fixing VCID-x6gr-a1xr-aaae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-11-28T17:49:53.353771+00:00 Debian Oval Importer Fixing VCID-jqrm-1jje-aaae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-11-28T11:47:22.039296+00:00 Debian Oval Importer Fixing VCID-4jnw-qbqx-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-10-14T18:48:57.233966+00:00 Debian Oval Importer Affected by VCID-thy6-umhu-aaaf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-10-14T04:20:59.171654+00:00 Debian Oval Importer Fixing VCID-p5ja-jjqu-aaae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-10-14T03:31:08.999584+00:00 Debian Oval Importer Fixing VCID-x6gr-a1xr-aaae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-10-14T03:29:44.741732+00:00 Debian Oval Importer Fixing VCID-jqrm-1jje-aaae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-10-13T23:12:49.914658+00:00 Debian Oval Importer Fixing VCID-4jnw-qbqx-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-09-21T11:30:45.098757+00:00 Debian Oval Importer Affected by VCID-thy6-umhu-aaaf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1
2024-09-21T05:56:26.339878+00:00 Debian Oval Importer Fixing VCID-p5ja-jjqu-aaae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1
2024-09-21T05:35:11.447390+00:00 Debian Oval Importer Fixing VCID-x6gr-a1xr-aaae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1
2024-09-21T05:34:28.786536+00:00 Debian Oval Importer Fixing VCID-jqrm-1jje-aaae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1
2024-09-21T03:50:01.923295+00:00 Debian Oval Importer Fixing VCID-4jnw-qbqx-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1