Rpm


By the Year

In 2022 there have been 0 vulnerabilities in Rpm. Last year Rpm had 3 security vulnerabilities published. Right now, Rpm is on track to have fewer security vulnerabilities in 2022 than it did last year.

Year   Vulnerabilities   Average Score
2022   0                 0.00
2021   3                 5.80
2020   0                 0.00
2019   0                 0.00
2018   0                 0.00

It may take a day or so for new Rpm vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Rpm Security Vulnerabilities

A flaw was found in the RPM package in the read functionality

CVE-2021-3421 5.5 - Medium - May 19, 2021

A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. This flaw affects RPM versions before 4.17.0-alpha.

Improper Verification of Cryptographic Signature

A flaw was found in RPM's hdrblobInit() in lib/header.c

CVE-2021-20266 4.9 - Medium - April 30, 2021

A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability.

Out-of-bounds Read

A flaw was found in RPM's signature check functionality when reading a package file

CVE-2021-20271 7 - High - March 26, 2021

A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.

Insufficient Verification of Data Authenticity

It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM

CVE-2017-7501 7.8 - High - November 22, 2017

It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with the ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify the content, and possibly the permissions, of arbitrary files, which could be used for denial of service or possibly privilege escalation.

Insecure Temporary File


Vendor: Rpm
Product: Rpm