A command injection vulnerability was discovered in the `rpmuncompress` utility of RPM
The `rpmuncompress` utility shipped with RPM has a command injection vulnerability that can be exploited when extracting certain archive formats, allowing an attacker to execute arbitrary commands. It is triggered when a specially crafted archive is extracted to a specified destination directory: the tool inserts the archive's top-level folder name into a shell command without proper sanitization.
A command injection vulnerability was discovered in the `rpmuncompress` utility of RPM. When extracting certain archive formats (ZIP, 7z, GEM) to a specified destination directory, the tool inserts the archive's top-level folder name into a shell command without properly sanitizing it. A specially crafted archive containing shell metacharacters in its folder name can execute arbitrary commands as the user running the extraction.
Users who extract archives using the RPM utility are at risk of arbitrary command execution, which can lead to system compromise and data loss.
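As an added illustration (not rpm's own code and not a patch for this CVE), the following shows the defensive pattern for the bug class described above: an archive's top-level folder name is validated against a conservative character set and then passed to the helper tool as an argv element, never through `/bin/sh`. The validator, launcher and `move_topdir` wrapper are hypothetical helpers; they assume a POSIX system where `mv` accepts `--`.

```c
#include <ctype.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Hypothetical validator: accept only a conservative character set for an
 * archive's top-level directory name. Shell metacharacters, whitespace,
 * path separators, a leading '.' (covers "." and "..") and a leading '-'
 * (which a tool could parse as an option) are all rejected. */
int safe_topdir_name(const char *name)
{
    size_t len = strlen(name);
    if (len == 0 || len > 255) return 0;
    if (name[0] == '-' || name[0] == '.') return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!(isalnum(c) || c == '.' || c == '_' || c == '-' || c == '+'))
            return 0;
    }
    return 1;
}

/* Run a program with an explicit argv via fork/execvp. Because no shell is
 * involved, the directory name can only ever be an argument, not a command.
 * Returns the child's exit status, or -1 on failure to run it. */
int run_argv(char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { execvp(argv[0], argv); _exit(127); }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Move the archive's top-level directory to the destination directory.
 * The name is checked first, so a rejected name never reaches any tool.
 * Returns 0 on success, -1 if the name is rejected or mv fails. */
int move_topdir(const char *topdir, const char *dest)
{
    if (!safe_topdir_name(topdir)) return -1;
    /* "--" ends option parsing so the name cannot be taken as an mv flag. */
    char *argv[] = { "mv", "--", (char *)topdir, (char *)dest, NULL };
    return run_argv(argv) == 0 ? 0 : -1;
}
```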
Remediation Recommended
This vulnerability carries significant risk. Schedule patching in your next cycle.
CVSS 3.1 vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H