Unrated severity · NVD Advisory · Published Feb 24, 2020 · Updated Aug 5, 2024
CVE-2019-18182
Description
pacman before 5.2 is vulnerable to arbitrary command injection in conf.c in the download_with_xfercommand() function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must enable a non-default XferCommand and retrieve an attacker-controlled crafted database and package.
Affected products
- pacman/pacman
References
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2TTUXXUW5OCOASIRMJK4RHEPLEA33Y6C/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K53C45EDWBU3UCN3IRIGR5EZUNWXS7BW/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KIDJ4XKBZRRVRFFGKUA3ZU6NFIP5JUG3/ (mitre, vendor-advisory, x_refsource_FEDORA)
- git.archlinux.org/pacman.git/commit/ (mitre, x_refsource_MISC)
- git.archlinux.org/pacman.git/tree/src/pacman/conf.c (mitre, x_refsource_MISC)
- github.com/alpinelinux/alpine-secdb/blob/master/v3.11/community.yaml (mitre, x_refsource_CONFIRM)