CVE-2012-0815 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2012-0815 Interim 1 19 2023-12-08T02:54:35Z current 2021-05-30T13:02:09Z 2023-12-08T02:54:35Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2012-0815 The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2012-May/000114.html E-Mail link for SUSE-SU-2012:0624-1 https://lists.suse.com/pipermail/sle-security-updates/2012-July/000180.html E-Mail link for SUSE-SU-2012:0880-1 https://www.suse.com/support/kb/doc/?id=7006535 E-Mail link for TID7006535 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 popt-1.7-37.29.33.1 popt-1.7-37.50.6 popt-32bit-1.7-37.29.33.1 popt-32bit-1.7-37.50.6 popt-devel-1.7-37.50.6 popt-devel-32bit-1.7-37.56.1 popt-x86-1.7-37.56.1 rpm-32bit-4.4.2.3-37.29.33.1 rpm-32bit-4.4.2.3-37.50.6 rpm-4.4.2.3-37.29.33.1 rpm-4.4.2.3-37.50.6 rpm-devel-32bit-4.4.2.3-37.56.1 rpm-devel-4.4.2.3-37.50.6 rpm-python-4.4.2.3-37.29.35.1 rpm-x86-4.4.2.3-37.56.1 popt-1.7-37.50.6 as a component of SUSE Linux Enterprise Desktop 11 SP2 popt-32bit-1.7-37.50.6 as a component of SUSE Linux Enterprise Desktop 11 SP2 rpm-4.4.2.3-37.50.6 as a component of SUSE Linux Enterprise Desktop 11 SP2 rpm-32bit-4.4.2.3-37.50.6 as a component of SUSE Linux Enterprise Desktop 11 SP2 popt-1.7-37.29.33.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA popt-32bit-1.7-37.29.33.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA rpm-4.4.2.3-37.29.33.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA rpm-32bit-4.4.2.3-37.29.33.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA rpm-python-4.4.2.3-37.29.35.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA popt-1.7-37.50.6 as a component of SUSE Linux Enterprise Server 11 SP2 popt-32bit-1.7-37.50.6 as a component of SUSE Linux Enterprise Server 11 SP2 popt-x86-1.7-37.56.1 as a component of SUSE Linux Enterprise Server 11 SP2 rpm-4.4.2.3-37.50.6 as a component of SUSE Linux Enterprise Server 11 SP2 rpm-32bit-4.4.2.3-37.50.6 as a component of SUSE Linux Enterprise Server 11 SP2 rpm-x86-4.4.2.3-37.56.1 as a component of SUSE Linux Enterprise Server 11 SP2 popt-1.7-37.50.6 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP2 popt-32bit-1.7-37.50.6 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP2 popt-x86-1.7-37.56.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP2 rpm-4.4.2.3-37.50.6 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP2 rpm-32bit-4.4.2.3-37.50.6 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP2 rpm-x86-4.4.2.3-37.56.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP2 popt-devel-1.7-37.50.6 as a component of SUSE Linux Enterprise Software Development Kit 11 SP2 popt-devel-32bit-1.7-37.56.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP2 rpm-32bit-4.4.2.3-37.50.6 as a component of SUSE Linux Enterprise Software Development Kit 11 SP2 rpm-devel-4.4.2.3-37.50.6 as a component of SUSE Linux Enterprise Software Development Kit 11 SP2 rpm-devel-32bit-4.4.2.3-37.56.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP2 rpm-x86-4.4.2.3-37.56.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP2 The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison. CVE-2012-0815 SUSE Linux Enterprise Desktop 11 SP2:popt-1.7-37.50.6 SUSE Linux Enterprise Desktop 11 SP2:popt-32bit-1.7-37.50.6 SUSE Linux Enterprise Desktop 11 SP2:rpm-4.4.2.3-37.50.6 SUSE Linux Enterprise Desktop 11 SP2:rpm-32bit-4.4.2.3-37.50.6 SUSE Linux Enterprise Server 11 SP1-TERADATA:popt-1.7-37.29.33.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:popt-32bit-1.7-37.29.33.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:rpm-4.4.2.3-37.29.33.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:rpm-32bit-4.4.2.3-37.29.33.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:rpm-python-4.4.2.3-37.29.35.1 SUSE Linux Enterprise Server 11 SP2:popt-1.7-37.50.6 SUSE Linux Enterprise Server 11 SP2:popt-32bit-1.7-37.50.6 SUSE Linux Enterprise Server 11 SP2:popt-x86-1.7-37.56.1 SUSE Linux Enterprise Server 11 SP2:rpm-4.4.2.3-37.50.6 SUSE Linux Enterprise Server 11 SP2:rpm-32bit-4.4.2.3-37.50.6 SUSE Linux Enterprise Server 11 SP2:rpm-x86-4.4.2.3-37.56.1 SUSE Linux Enterprise Server for SAP Applications 11 SP2:popt-1.7-37.50.6 SUSE Linux Enterprise Server for SAP Applications 11 SP2:popt-32bit-1.7-37.50.6 SUSE Linux Enterprise Server for SAP Applications 11 SP2:popt-x86-1.7-37.56.1 SUSE Linux Enterprise Server for SAP Applications 11 SP2:rpm-4.4.2.3-37.50.6 SUSE Linux Enterprise Server for SAP Applications 11 SP2:rpm-32bit-4.4.2.3-37.50.6 SUSE Linux Enterprise Server for SAP Applications 11 SP2:rpm-x86-4.4.2.3-37.56.1 SUSE Linux Enterprise Software Development Kit 11 SP2:popt-devel-1.7-37.50.6 SUSE Linux Enterprise Software Development Kit 11 SP2:popt-devel-32bit-1.7-37.56.1 SUSE Linux Enterprise Software Development Kit 11 SP2:rpm-32bit-4.4.2.3-37.50.6 SUSE Linux Enterprise Software Development Kit 11 SP2:rpm-devel-4.4.2.3-37.50.6 SUSE Linux Enterprise Software Development Kit 11 SP2:rpm-devel-32bit-4.4.2.3-37.56.1 SUSE Linux Enterprise Software Development Kit 11 SP2:rpm-x86-4.4.2.3-37.56.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P