Unrated severity · NVD Advisory · Published Dec 24, 2011 · Updated Apr 29, 2026
CVE-2011-3378
Description
RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and offsets that are not properly handled when a package is queried or installed, related to (1) the regionSwab function, (2) the headerLoad function, and (3) multiple functions in rpmio/rpmpgp.c.
Affected products
- cpe:2.3:a:rpm:rpm:*:*:*:*:*:*:*:* (range: <=4.9.1.1)
- cpe:2.3:a:rpm:rpm:4.4.2.:*:*:*:*:*:*:*
- cpe:2.3:a:rpm:rpm:4.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:rpm:rpm:4.4.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:rpm:rpm:4.4.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:rpm:rpm:4.4.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:rpm:rpm:4.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:rpm:rpm:4.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:rpm:rpm:4.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:rpm:rpm:4.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:rpm:rpm:4.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:rpm:rpm:4.8.0:*:*:*:*:*:*:*
Patches
No patches discovered yet.
References
- bugzilla.redhat.com/show_bug.cgi (nvd, Exploit)
- rpm.org/wiki/Releases/4.9.1.2 (nvd, Vendor Advisory)
- www.redhat.com/support/errata/RHSA-2011-1349.html (nvd, Vendor Advisory)
- kb.juniper.net/InfoCenter/index (nvd)
- lists.opensuse.org/opensuse-security-announce/2011-11/msg00000.html (nvd)
- lists.opensuse.org/opensuse-security-announce/2011-11/msg00002.html (nvd)
- rpm.org/gitweb (nvd)
- rpm.org/gitweb (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.openwall.com/lists/oss-security/2011/09/27/3 (nvd)
- www.ubuntu.com/usn/USN-1695-1 (nvd)
- bugzilla.redhat.com/show_bug.cgi (nvd)