Bug 217292 - (CVE-2006-5466) VUL-0: CVE-2006-5466: rpm: heap overflow
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Assigned To: Michael Schröder
Reported: 2006-11-02 09:47 UTC by Thomas Biege
Modified: 2021-09-10 14:14 UTC (History)
Description Thomas Biege 2006-11-02 09:47:10 UTC
Here we go.

----- Forwarded message from Josh Bressers <bressers@redhat.com> -----

To: vendor-sec@lst.de
From: Josh Bressers <bressers@redhat.com>
Subject: [vendor-sec] RPM heap overflow (CVE-2006-5466)
Errors-To: vendor-sec-admin@lst.de
Date: Tue, 31 Oct 2006 21:35:58 -0500

This bug hit our bugzilla a few days ago.  Those of you who ship RPM may
care about this.


It seems that when certain languages are set (so far only ru_RU.UTF-8 is
proven to work), an rpm query can overflow a buffer.

Comment 1 Michael Schröder 2006-11-24 18:20:43 UTC
Fixed in STABLE.
Comment 2 Thomas Biege 2009-10-13 22:34:49 UTC
CVE-2006-5466: CVSS v2 Base Score: 5.4 (AV:N/AC:H/Au:N/C:N/I:N/A:C)