CVE-2014-8118

Integer overflow in RPM 4.12 and earlier allows remote attackers to execute arbitrary code via a crafted CPIO header in the payload section of an RPM file, which triggers a stack-based buffer overflow.
CVSS scores by provider:
- NIST (Type: NIST): Base Score 10 UNKNOWN; Atk. Vector NETWORK; Atk. Complexity LOW; Vector AV:N/AC:L/Au:N/C:C/I:C/A:C
- redhat (Type: CNA): ---
- CVE (Type: ADP): ---
Base Score
CVSS 3.x
EPSS Score Percentile: 93%
Affected products (𝑥 = Vulnerable software versions)
Vendor: rpm
Product: rpm
Versions: 𝑥 ≤ 4.12.0; 1.2, 1.3, 1.3.1, 1.4, 1.4.1, 1.4.2, 1.4.2/a, 1.4.3, 1.4.4, 1.4.5, 1.4.6, 1.4.7, 2.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.1, 2.1.1, 2.1.2, 2.2, 2.2.1, 2.2.2, 2.2.3, 2.2.3.10, 2.2.3.11, 2.2.4, 2.2.5, 2.2.6, 2.2.7, 2.2.8, 2.2.9, 2.2.10, 2.2.11, 2.3, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.3.7, 2.3.8, 2.3.9, 2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.4.5, 2.4.6, 2.4.8, 2.4.9, 2.4.11, 2.4.12, 2.5, 2.5.1, 2.5.2, 2.5.3, 2.5.4, 2.5.5, 2.5.6, 2.6.7, 3.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 4.0., 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.1, 4.3.3, 4.4.2.1, 4.4.2.2, 4.4.2.3, 4.5.90, 4.6.0, 4.6.0:rc1, 4.6.0:rc2, 4.6.0:rc3, 4.6.0:rc4, 4.6.1, 4.7.0, 4.7.1, 4.7.2, 4.8.0, 4.8.1, 4.9.0, 4.9.0:alpha, 4.9.0:beta1, 4.9.0:rc1, 4.9.1, 4.9.1.1, 4.9.1.2, 4.10.0, 4.10.1, 4.10.2
Debian Releases
Debian Product: rpm
- bullseye: 4.16.1.2+dfsg1-3 (fixed)
- bookworm: 4.18.0+dfsg-1+deb12u1 (fixed)
- sid: 4.20.0+dfsg-3 (fixed)
- trixie: 4.20.0+dfsg-3 (fixed)
Ubuntu Releases
Ubuntu Product: rpm
- utopic: Fixed 4.11.2-3ubuntu0.1 (released)
- trusty: Fixed 4.11.1-3ubuntu0.1 (released)
- precise: Fixed 4.9.1.1-1ubuntu0.3 (released)
- lucid: ignored
Common Weakness Enumeration