VYPR
Unrated severityNVD Advisory· Published Dec 24, 2011· Updated Jun 16, 2026

CVE-2011-3378

CVE-2011-3378

Description

RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and offsets that are not properly handled when a package is queried or installed, related to (1) the regionSwab function, (2) the headerLoad function, and (3) multiple functions in rpmio/rpmpgp.c.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

13
  • Rpm/Rpm13 versions
    cpe:2.3:a:rpm:rpm:*:*:*:*:*:*:*:*+ 12 more
    • cpe:2.3:a:rpm:rpm:*:*:*:*:*:*:*:*range: <=4.9.1.1
    • cpe:2.3:a:rpm:rpm:4.4.2.:*:*:*:*:*:*:*
    • cpe:2.3:a:rpm:rpm:4.4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:rpm:rpm:4.4.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:rpm:rpm:4.4.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:rpm:rpm:4.4.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:rpm:rpm:4.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:rpm:rpm:4.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:rpm:rpm:4.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:rpm:rpm:4.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:rpm:rpm:4.7.2:*:*:*:*:*:*:*
    • cpe:2.3:a:rpm:rpm:4.8.0:*:*:*:*:*:*:*
    • (no CPE)range: 4.4.x through 4.9.x, probably before 4.9.1.2

Patches

Vulnerability mechanics

References

12

News mentions

0

No linked articles in our index yet.