Vulnerability details: VCID-4jnw-qbqx-aaad
Vulnerability ID VCID-4jnw-qbqx-aaad
Aliases CVE-2011-3378
Summary RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and offsets that are not properly handled when a package is queried or installed, related to (1) the regionSwab function, (2) the headerLoad function, and (3) multiple functions in rpmio/rpmpgp.c.
Status Published
Exploitability 0.5
Weighted Severity 8.4
Risk 4.2
Weaknesses (3)
System Score Found at
rhas Important https://access.redhat.com/errata/RHSA-2011:1349
epss 0.06386 https://api.first.org/data/v1/epss?cve=CVE-2011-3378
epss 0.08233 https://api.first.org/data/v1/epss?cve=CVE-2011-3378
epss 0.09470 https://api.first.org/data/v1/epss?cve=CVE-2011-3378
epss 0.10777 https://api.first.org/data/v1/epss?cve=CVE-2011-3378
epss 0.18584 https://api.first.org/data/v1/epss?cve=CVE-2011-3378
cvssv2 9.3 https://nvd.nist.gov/vuln/detail/CVE-2011-3378
Reference id Reference type URL
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00002.html
http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=11a7e5d95a8ca8c7d4eaff179094afd8bb74fc3f
http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=a48f0e20cbe2ababc88b2fc52fb7a281d6fc1656
http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=11a7e5d95a8ca8c7d4eaff179094afd8bb74fc3f
http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=a48f0e20cbe2ababc88b2fc52fb7a281d6fc1656
http://rpm.org/wiki/Releases/4.9.1.2#Security
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3378.json
https://api.first.org/data/v1/epss?cve=CVE-2011-3378
https://bugzilla.redhat.com/show_bug.cgi?id=741606
https://bugzilla.redhat.com/show_bug.cgi?id=741612
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3378
http://www.mandriva.com/security/advisories?name=MDVSA-2011:143
http://www.openwall.com/lists/oss-security/2011/09/27/3
http://www.redhat.com/support/errata/RHSA-2011-1349.html
http://www.ubuntu.com/usn/USN-1695-1
645325 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=645325
cpe:2.3:a:rpm:rpm:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rpm:rpm:*:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.4.2.:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rpm:rpm:4.4.2.:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.4.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rpm:rpm:4.4.2:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.4.2.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rpm:rpm:4.4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.4.2.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rpm:rpm:4.4.2.2:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.4.2.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rpm:rpm:4.4.2.3:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rpm:rpm:4.6.0:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.6.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rpm:rpm:4.6.1:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rpm:rpm:4.7.0:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.7.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rpm:rpm:4.7.1:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.7.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rpm:rpm:4.7.2:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rpm:rpm:4.8.0:*:*:*:*:*:*:*
CVE-2011-3378 https://nvd.nist.gov/vuln/detail/CVE-2011-3378
GLSA-201206-26 https://security.gentoo.org/glsa/201206-26
RHSA-2011:1349 https://access.redhat.com/errata/RHSA-2011:1349
USN-1695-1 https://usn.ubuntu.com/1695-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2011-3378
Exploit Prediction Scoring System (EPSS)
Percentile 0.93858
EPSS Score 0.06386
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.