CVE-2006-5466

9 documents8 sources

Severity

5.4MEDIUM

EPSS

1.7%

top 17.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

RPM Package Manager Ubuntu Ubuntu Linux

Timeline

PublishedNov 6

Latest updateMay 1

Description

Heap-based buffer overflow in the showQueryPackage function in librpm in RPM Package Manager 4.4.8, when the LANG environment variable is set to ru_RU.UTF-8, might allow user-assisted attackers to execute arbitrary code via crafted RPM packages.

CVSS vector

AV:N/AC:H/C:N/I:N/A:CExploitability: 4.9 | Impact: 6.9

Affected Packages2 packages

▶NVDrpm/package_manager4.4.8

▶Debianrpm< 4.4.1-11+3

Also affects: Ubuntu Linux 6.06_lts, 6.10

Patches

Patch: secunia.com ↗Patch: www.ubuntu.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-r6mw-vx2r-6ppm: Heap-based buffer overflow in the showQueryPackage function in librpm in RPM Package Manager 4↗2022-05-01

▶

OSV

CVE-2006-5466: Heap-based buffer overflow in the showQueryPackage function in librpm in RPM Package Manager 4↗2006-11-06

▶

CVEList

CVE-2006-5466: Heap-based buffer overflow in the showQueryPackage function in librpm in RPM Package Manager 4↗2006-11-06

▶

📋Vendor Advisories

Ubuntu

RPM vulnerability↗2006-11-04

▶

Red Hat

RPM Crash after listing contents of non-installed package↗2006-10-29

▶

Debian

CVE-2006-5466: rpm - Heap-based buffer overflow in the showQueryPackage function in librpm in RPM Pac...↗2006

▶

💬Community

Bugzilla

CVE-2006-5466 RPM Crash after listing contents of non-installed package↗2006-11-01

▶

Bugzilla

CVE-2006-5466 RPM Crash after listing contents of non-installed package↗2006-10-29

▶