{
  "modified": "2025-08-09T19:01:28Z",
  "published": "2011-12-24T19:55:01Z",
  "id": "CVE-2011-3378",
  "details": "RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and offsets that are not properly handled when a package is queried or installed, related to (1) the regionSwab function, (2) the headerLoad function, and (3) multiple functions in rpmio/rpmpgp.c.",
  "references": [
    {
      "type": "ADVISORY",
      "url": "http://rpm.org/wiki/Releases/4.9.1.2#Security"
    },
    {
      "type": "ADVISORY",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:143"
    },
    {
      "type": "ADVISORY",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-1349.html"
    },
    {
      "type": "ADVISORY",
      "url": "http://www.ubuntu.com/usn/USN-1695-1"
    },
    {
      "type": "EVIDENCE",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=741612"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=741606"
    },
    {
      "type": "WEB",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10691"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=11a7e5d95a8ca8c7d4eaff179094afd8bb74fc3f"
    },
    {
      "type": "WEB",
      "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=a48f0e20cbe2ababc88b2fc52fb7a281d6fc1656"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2011/09/27/3"
    }
  ]
}