Vulnerabilities related to pacman_project - pacman
cve-2016-5434
Vulnerability from cvelistv5
Published
2017-01-30 22:00
Modified
2024-08-06 01:01
Severity ?
Summary
libalpm, as used in pacman 5.0.1, allows remote attackers to cause a denial of service (infinite loop or out-of-bounds read) via a crafted signature file.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T01:01:00.338Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "[pacman-dev] 20160606 [PATCH] Fix OOB read and endless loop in signature parser.",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.archlinux.org/pipermail/pacman-dev/2016-June/021148.html",
               },
               {
                  name: "[oss-security] 20160611 CVE Request for Denial of Service in pacman 5.0.1",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2016/06/11/4",
               },
               {
                  name: "[oss-security] 20160614 Re: CVE Request for Denial of Service in pacman 5.0.1",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2016/06/14/6",
               },
               {
                  name: "[oss-security] 20200421 Re: Pacman package manager - taking untrusted input",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2020/04/21/9",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-06-06T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "libalpm, as used in pacman 5.0.1, allows remote attackers to cause a denial of service (infinite loop or out-of-bounds read) via a crafted signature file.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-04-21T20:06:04",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "[pacman-dev] 20160606 [PATCH] Fix OOB read and endless loop in signature parser.",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.archlinux.org/pipermail/pacman-dev/2016-June/021148.html",
            },
            {
               name: "[oss-security] 20160611 CVE Request for Denial of Service in pacman 5.0.1",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2016/06/11/4",
            },
            {
               name: "[oss-security] 20160614 Re: CVE Request for Denial of Service in pacman 5.0.1",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2016/06/14/6",
            },
            {
               name: "[oss-security] 20200421 Re: Pacman package manager - taking untrusted input",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2020/04/21/9",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2016-5434",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "libalpm, as used in pacman 5.0.1, allows remote attackers to cause a denial of service (infinite loop or out-of-bounds read) via a crafted signature file.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "[pacman-dev] 20160606 [PATCH] Fix OOB read and endless loop in signature parser.",
                     refsource: "MLIST",
                     url: "https://lists.archlinux.org/pipermail/pacman-dev/2016-June/021148.html",
                  },
                  {
                     name: "[oss-security] 20160611 CVE Request for Denial of Service in pacman 5.0.1",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2016/06/11/4",
                  },
                  {
                     name: "[oss-security] 20160614 Re: CVE Request for Denial of Service in pacman 5.0.1",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2016/06/14/6",
                  },
                  {
                     name: "[oss-security] 20200421 Re: Pacman package manager - taking untrusted input",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2020/04/21/9",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2016-5434",
      datePublished: "2017-01-30T22:00:00",
      dateReserved: "2016-06-14T00:00:00",
      dateUpdated: "2024-08-06T01:01:00.338Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-18182
Vulnerability from cvelistv5
Published
2020-02-24 14:38
Modified
2024-08-05 01:47
Severity ?
Summary
pacman before 5.2 is vulnerable to arbitrary command injection in conf.c in the download_with_xfercommand() function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must enable a non-default XferCommand and retrieve an attacker-controlled crafted database and package.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T01:47:13.578Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://git.archlinux.org/pacman.git/tree/src/pacman/conf.c?h=v5.1.3#n263",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://git.archlinux.org/pacman.git/commit/?id=808a4f15ce82d2ed7eeb06de73d0f313620558ee",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/alpinelinux/alpine-secdb/blob/master/v3.11/community.yaml",
               },
               {
                  name: "FEDORA-2020-096fbcc91f",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K53C45EDWBU3UCN3IRIGR5EZUNWXS7BW/",
               },
               {
                  name: "FEDORA-2020-781d0b2efe",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2TTUXXUW5OCOASIRMJK4RHEPLEA33Y6C/",
               },
               {
                  name: "FEDORA-2020-419a75aef6",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KIDJ4XKBZRRVRFFGKUA3ZU6NFIP5JUG3/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "pacman before 5.2 is vulnerable to arbitrary command injection in conf.c in the download_with_xfercommand() function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must enable a non-default XferCommand and retrieve an attacker-controlled crafted database and package.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-04-25T03:06:18",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://git.archlinux.org/pacman.git/tree/src/pacman/conf.c?h=v5.1.3#n263",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://git.archlinux.org/pacman.git/commit/?id=808a4f15ce82d2ed7eeb06de73d0f313620558ee",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/alpinelinux/alpine-secdb/blob/master/v3.11/community.yaml",
            },
            {
               name: "FEDORA-2020-096fbcc91f",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K53C45EDWBU3UCN3IRIGR5EZUNWXS7BW/",
            },
            {
               name: "FEDORA-2020-781d0b2efe",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2TTUXXUW5OCOASIRMJK4RHEPLEA33Y6C/",
            },
            {
               name: "FEDORA-2020-419a75aef6",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KIDJ4XKBZRRVRFFGKUA3ZU6NFIP5JUG3/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2019-18182",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "pacman before 5.2 is vulnerable to arbitrary command injection in conf.c in the download_with_xfercommand() function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must enable a non-default XferCommand and retrieve an attacker-controlled crafted database and package.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://git.archlinux.org/pacman.git/tree/src/pacman/conf.c?h=v5.1.3#n263",
                     refsource: "MISC",
                     url: "https://git.archlinux.org/pacman.git/tree/src/pacman/conf.c?h=v5.1.3#n263",
                  },
                  {
                     name: "https://git.archlinux.org/pacman.git/commit/?id=808a4f15ce82d2ed7eeb06de73d0f313620558ee",
                     refsource: "MISC",
                     url: "https://git.archlinux.org/pacman.git/commit/?id=808a4f15ce82d2ed7eeb06de73d0f313620558ee",
                  },
                  {
                     name: "https://github.com/alpinelinux/alpine-secdb/blob/master/v3.11/community.yaml",
                     refsource: "CONFIRM",
                     url: "https://github.com/alpinelinux/alpine-secdb/blob/master/v3.11/community.yaml",
                  },
                  {
                     name: "FEDORA-2020-096fbcc91f",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K53C45EDWBU3UCN3IRIGR5EZUNWXS7BW/",
                  },
                  {
                     name: "FEDORA-2020-781d0b2efe",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2TTUXXUW5OCOASIRMJK4RHEPLEA33Y6C/",
                  },
                  {
                     name: "FEDORA-2020-419a75aef6",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KIDJ4XKBZRRVRFFGKUA3ZU6NFIP5JUG3/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-18182",
      datePublished: "2020-02-24T14:38:43",
      dateReserved: "2019-10-17T00:00:00",
      dateUpdated: "2024-08-05T01:47:13.578Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-9686
Vulnerability from cvelistv5
Published
2019-03-11 16:00
Modified
2024-08-04 21:54
Severity ?
Summary
pacman before 5.1.3 allows directory traversal when installing a remote package via a specified URL "pacman -U <url>" due to an unsanitized file name received from a Content-Disposition header. pacman renames the downloaded package file to match the name given in this header. However, pacman did not sanitize this name, which may contain slashes, before calling rename(). A malicious server (or a network MitM if downloading over HTTP) can send a Content-Disposition header to make pacman place the file anywhere in the filesystem, potentially leading to arbitrary root code execution. Notably, this bypasses pacman's package signature checking. This occurs in curl_download_internal in lib/libalpm/dload.c.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T21:54:45.486Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://git.archlinux.org/pacman.git/commit/?id=d197d8ab82cf10650487518fb968067897a12775",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://git.archlinux.org/pacman.git/commit/?h=release/5.1.x&id=1bf767234363f7ad5933af3f7ce267c123017bde",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://git.archlinux.org/pacman.git/commit/?id=9702703633bec2c007730006de2aeec8587dfc84",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2019-03-11T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "pacman before 5.1.3 allows directory traversal when installing a remote package via a specified URL \"pacman -U <url>\" due to an unsanitized file name received from a Content-Disposition header. pacman renames the downloaded package file to match the name given in this header. However, pacman did not sanitize this name, which may contain slashes, before calling rename(). A malicious server (or a network MitM if downloading over HTTP) can send a Content-Disposition header to make pacman place the file anywhere in the filesystem, potentially leading to arbitrary root code execution. Notably, this bypasses pacman's package signature checking. This occurs in curl_download_internal in lib/libalpm/dload.c.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-03-11T16:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://git.archlinux.org/pacman.git/commit/?id=d197d8ab82cf10650487518fb968067897a12775",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://git.archlinux.org/pacman.git/commit/?h=release/5.1.x&id=1bf767234363f7ad5933af3f7ce267c123017bde",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://git.archlinux.org/pacman.git/commit/?id=9702703633bec2c007730006de2aeec8587dfc84",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2019-9686",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "pacman before 5.1.3 allows directory traversal when installing a remote package via a specified URL \"pacman -U <url>\" due to an unsanitized file name received from a Content-Disposition header. pacman renames the downloaded package file to match the name given in this header. However, pacman did not sanitize this name, which may contain slashes, before calling rename(). A malicious server (or a network MitM if downloading over HTTP) can send a Content-Disposition header to make pacman place the file anywhere in the filesystem, potentially leading to arbitrary root code execution. Notably, this bypasses pacman's package signature checking. This occurs in curl_download_internal in lib/libalpm/dload.c.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://git.archlinux.org/pacman.git/commit/?id=d197d8ab82cf10650487518fb968067897a12775",
                     refsource: "MISC",
                     url: "https://git.archlinux.org/pacman.git/commit/?id=d197d8ab82cf10650487518fb968067897a12775",
                  },
                  {
                     name: "https://git.archlinux.org/pacman.git/commit/?h=release/5.1.x&id=1bf767234363f7ad5933af3f7ce267c123017bde",
                     refsource: "MISC",
                     url: "https://git.archlinux.org/pacman.git/commit/?h=release/5.1.x&id=1bf767234363f7ad5933af3f7ce267c123017bde",
                  },
                  {
                     name: "https://git.archlinux.org/pacman.git/commit/?id=9702703633bec2c007730006de2aeec8587dfc84",
                     refsource: "MISC",
                     url: "https://git.archlinux.org/pacman.git/commit/?id=9702703633bec2c007730006de2aeec8587dfc84",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-9686",
      datePublished: "2019-03-11T16:00:00",
      dateReserved: "2019-03-11T00:00:00",
      dateUpdated: "2024-08-04T21:54:45.486Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-18183
Vulnerability from cvelistv5
Published
2020-02-24 14:36
Modified
2024-08-05 01:47
Severity ?
Summary
pacman before 5.2 is vulnerable to arbitrary command injection in lib/libalpm/sync.c in the apply_deltas() function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must enable the non-default delta feature and retrieve an attacker-controlled crafted database and delta file.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T01:47:13.529Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://git.archlinux.org/pacman.git/tree/lib/libalpm/sync.c?h=v5.1.3#n767",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://git.archlinux.org/pacman.git/commit/?id=c0e9be7973be6c81b22fde91516fb8991e7bb07b",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/alpinelinux/alpine-secdb/blob/master/v3.11/community.yaml",
               },
               {
                  name: "FEDORA-2020-096fbcc91f",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K53C45EDWBU3UCN3IRIGR5EZUNWXS7BW/",
               },
               {
                  name: "FEDORA-2020-781d0b2efe",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2TTUXXUW5OCOASIRMJK4RHEPLEA33Y6C/",
               },
               {
                  name: "FEDORA-2020-419a75aef6",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KIDJ4XKBZRRVRFFGKUA3ZU6NFIP5JUG3/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "pacman before 5.2 is vulnerable to arbitrary command injection in lib/libalpm/sync.c in the apply_deltas() function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must enable the non-default delta feature and retrieve an attacker-controlled crafted database and delta file.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-04-25T03:06:17",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://git.archlinux.org/pacman.git/tree/lib/libalpm/sync.c?h=v5.1.3#n767",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://git.archlinux.org/pacman.git/commit/?id=c0e9be7973be6c81b22fde91516fb8991e7bb07b",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/alpinelinux/alpine-secdb/blob/master/v3.11/community.yaml",
            },
            {
               name: "FEDORA-2020-096fbcc91f",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K53C45EDWBU3UCN3IRIGR5EZUNWXS7BW/",
            },
            {
               name: "FEDORA-2020-781d0b2efe",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2TTUXXUW5OCOASIRMJK4RHEPLEA33Y6C/",
            },
            {
               name: "FEDORA-2020-419a75aef6",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KIDJ4XKBZRRVRFFGKUA3ZU6NFIP5JUG3/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2019-18183",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "pacman before 5.2 is vulnerable to arbitrary command injection in lib/libalpm/sync.c in the apply_deltas() function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must enable the non-default delta feature and retrieve an attacker-controlled crafted database and delta file.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://git.archlinux.org/pacman.git/tree/lib/libalpm/sync.c?h=v5.1.3#n767",
                     refsource: "MISC",
                     url: "https://git.archlinux.org/pacman.git/tree/lib/libalpm/sync.c?h=v5.1.3#n767",
                  },
                  {
                     name: "https://git.archlinux.org/pacman.git/commit/?id=c0e9be7973be6c81b22fde91516fb8991e7bb07b",
                     refsource: "MISC",
                     url: "https://git.archlinux.org/pacman.git/commit/?id=c0e9be7973be6c81b22fde91516fb8991e7bb07b",
                  },
                  {
                     name: "https://github.com/alpinelinux/alpine-secdb/blob/master/v3.11/community.yaml",
                     refsource: "MISC",
                     url: "https://github.com/alpinelinux/alpine-secdb/blob/master/v3.11/community.yaml",
                  },
                  {
                     name: "FEDORA-2020-096fbcc91f",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K53C45EDWBU3UCN3IRIGR5EZUNWXS7BW/",
                  },
                  {
                     name: "FEDORA-2020-781d0b2efe",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2TTUXXUW5OCOASIRMJK4RHEPLEA33Y6C/",
                  },
                  {
                     name: "FEDORA-2020-419a75aef6",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KIDJ4XKBZRRVRFFGKUA3ZU6NFIP5JUG3/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-18183",
      datePublished: "2020-02-24T14:36:18",
      dateReserved: "2019-10-17T00:00:00",
      dateUpdated: "2024-08-05T01:47:13.529Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

Vulnerability from fkie_nvd
Published
2020-02-24 15:15
Modified
2024-11-21 04:32
Severity ?
Summary
pacman before 5.2 is vulnerable to arbitrary command injection in lib/libalpm/sync.c in the apply_deltas() function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must enable the non-default delta feature and retrieve an attacker-controlled crafted database and delta file.
References
cve@mitre.org | https://git.archlinux.org/pacman.git/commit/?id=c0e9be7973be6c81b22fde91516fb8991e7bb07b | Patch, Third Party Advisory
cve@mitre.org | https://git.archlinux.org/pacman.git/tree/lib/libalpm/sync.c?h=v5.1.3#n767 | Exploit, Third Party Advisory
cve@mitre.org | https://github.com/alpinelinux/alpine-secdb/blob/master/v3.11/community.yaml | Release Notes, Third Party Advisory
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2TTUXXUW5OCOASIRMJK4RHEPLEA33Y6C/
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K53C45EDWBU3UCN3IRIGR5EZUNWXS7BW/
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KIDJ4XKBZRRVRFFGKUA3ZU6NFIP5JUG3/
af854a3a-2127-422b-91ae-364da2661108 | https://git.archlinux.org/pacman.git/commit/?id=c0e9be7973be6c81b22fde91516fb8991e7bb07b | Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://git.archlinux.org/pacman.git/tree/lib/libalpm/sync.c?h=v5.1.3#n767 | Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/alpinelinux/alpine-secdb/blob/master/v3.11/community.yaml | Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2TTUXXUW5OCOASIRMJK4RHEPLEA33Y6C/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K53C45EDWBU3UCN3IRIGR5EZUNWXS7BW/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KIDJ4XKBZRRVRFFGKUA3ZU6NFIP5JUG3/
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:pacman_project:pacman:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCDE0768-C5FE-4636-9E00-259D578D8B24",
                     versionEndExcluding: "5.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                     matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
                     matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                     matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "pacman before 5.2 is vulnerable to arbitrary command injection in lib/libalpm/sync.c in the apply_deltas() function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must enable the non-default delta feature and retrieve an attacker-controlled crafted database and delta file.",
      },
      {
         lang: "es",
         value: "pacman versiones anteriores a 5.2, es vulnerable a una inyección de comandos arbitraria en la biblioteca lib/libalpm/sync.c en la función apply_deltas(). Esto puede ser explotado cuando son usadas las bases de datos sin firma. Para explotar la vulnerabilidad, el usuario debe habilitar la funcionalidad delta no predeterminada y recuperar una base de datos y un archivo delta diseñado, controlados por el atacante.",
      },
   ],
   id: "CVE-2019-18183",
   lastModified: "2024-11-21T04:32:47.153",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-02-24T15:15:11.457",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://git.archlinux.org/pacman.git/commit/?id=c0e9be7973be6c81b22fde91516fb8991e7bb07b",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://git.archlinux.org/pacman.git/tree/lib/libalpm/sync.c?h=v5.1.3#n767",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/alpinelinux/alpine-secdb/blob/master/v3.11/community.yaml",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2TTUXXUW5OCOASIRMJK4RHEPLEA33Y6C/",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K53C45EDWBU3UCN3IRIGR5EZUNWXS7BW/",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KIDJ4XKBZRRVRFFGKUA3ZU6NFIP5JUG3/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://git.archlinux.org/pacman.git/commit/?id=c0e9be7973be6c81b22fde91516fb8991e7bb07b",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://git.archlinux.org/pacman.git/tree/lib/libalpm/sync.c?h=v5.1.3#n767",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/alpinelinux/alpine-secdb/blob/master/v3.11/community.yaml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2TTUXXUW5OCOASIRMJK4RHEPLEA33Y6C/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K53C45EDWBU3UCN3IRIGR5EZUNWXS7BW/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KIDJ4XKBZRRVRFFGKUA3ZU6NFIP5JUG3/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-78",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-01-30 22:59
Modified
2024-11-21 02:54
Summary
libalpm, as used in pacman 5.0.1, allows remote attackers to cause a denial of service (infinite loop or out-of-bounds read) via a crafted signature file.
Impacted products
Vendor Product Version
pacman_project pacman 5.0.1



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:pacman_project:pacman:5.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B1C15C4F-2CB9-4A96-A009-8AEE3D72751E",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "libalpm, as used in pacman 5.0.1, allows remote attackers to cause a denial of service (infinite loop or out-of-bounds read) via a crafted signature file.",
      },
      {
         lang: "es",
         value: "Libalpm, como se utiliza en pacman 5.0.1, permite a los atacantes remotos causar una denegación de servicio (bucle infinito o lectura fuera de límites) a través de un archivo de firma manipulado.",
      },
   ],
   id: "CVE-2016-5434",
   lastModified: "2024-11-21T02:54:18.307",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.1,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.0",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-01-30T22:59:00.467",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2016/06/11/4",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2016/06/14/6",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.openwall.com/lists/oss-security/2020/04/21/9",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://lists.archlinux.org/pipermail/pacman-dev/2016-June/021148.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2016/06/11/4",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2016/06/14/6",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2020/04/21/9",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://lists.archlinux.org/pipermail/pacman-dev/2016-June/021148.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-125",
            },
            {
               lang: "en",
               value: "CWE-399",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-03-11 16:29
Modified
2024-11-21 04:52
Summary
pacman before 5.1.3 allows directory traversal when installing a remote package via a specified URL "pacman -U <url>" due to an unsanitized file name received from a Content-Disposition header. pacman renames the downloaded package file to match the name given in this header. However, pacman did not sanitize this name, which may contain slashes, before calling rename(). A malicious server (or a network MitM if downloading over HTTP) can send a Content-Disposition header to make pacman place the file anywhere in the filesystem, potentially leading to arbitrary root code execution. Notably, this bypasses pacman's package signature checking. This occurs in curl_download_internal in lib/libalpm/dload.c.
Impacted products
Vendor Product Version
pacman_project pacman *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:pacman_project:pacman:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "53E5D4C7-A60E-4422-9168-9EBFC93FF985",
                     versionEndExcluding: "5.1.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "pacman before 5.1.3 allows directory traversal when installing a remote package via a specified URL \"pacman -U <url>\" due to an unsanitized file name received from a Content-Disposition header. pacman renames the downloaded package file to match the name given in this header. However, pacman did not sanitize this name, which may contain slashes, before calling rename(). A malicious server (or a network MitM if downloading over HTTP) can send a Content-Disposition header to make pacman place the file anywhere in the filesystem, potentially leading to arbitrary root code execution. Notably, this bypasses pacman's package signature checking. This occurs in curl_download_internal in lib/libalpm/dload.c.",
      },
      {
         lang: "es",
         value: "pacman, en versiones anteriores a la 5.1.3, permite un salto de directorio a la hora de instalar un paquete remoto mediante una URL \"pacman -U <url>\" especificado debido a un nombre de archivo no saneado que se recibe desde una cabecera \"Content-Disposition\". pacman renombra el paquete de archivo descargado para que concuerde con el nombre proporcionado en la misma cabecera. Sin embargo, pacman no saneaba este nombre, el cual puede contener barras, antes de llamar a rename(). Un servidor malicioso (o un MitM en la red si la descarga se efectúa sobre HTTP) puede enviar una cabecera \"Content-Disposition\" para hacer que pacman coloque el archivo en cualquier sitio en el sistema de archivos, conduciendo, potencialmente, a una ejecución de código root arbitrario. En particular, esto omite la comprobación de firmas de paquetes de pacman. Esto ocurre en curl_download_internal en lib/libalpm/dload.c.",
      },
   ],
   id: "CVE-2019-9686",
   lastModified: "2024-11-21T04:52:06.510",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 9.3,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-03-11T16:29:00.283",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://git.archlinux.org/pacman.git/commit/?h=release/5.1.x&id=1bf767234363f7ad5933af3f7ce267c123017bde",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://git.archlinux.org/pacman.git/commit/?id=9702703633bec2c007730006de2aeec8587dfc84",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://git.archlinux.org/pacman.git/commit/?id=d197d8ab82cf10650487518fb968067897a12775",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://git.archlinux.org/pacman.git/commit/?h=release/5.1.x&id=1bf767234363f7ad5933af3f7ce267c123017bde",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://git.archlinux.org/pacman.git/commit/?id=9702703633bec2c007730006de2aeec8587dfc84",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://git.archlinux.org/pacman.git/commit/?id=d197d8ab82cf10650487518fb968067897a12775",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-22",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-02-24 15:15
Modified
2024-11-21 04:32
Severity ?
Summary
pacman before 5.2 is vulnerable to arbitrary command injection in conf.c in the download_with_xfercommand() function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must enable a non-default XferCommand and retrieve an attacker-controlled crafted database and package.
References
cve@mitre.org | https://git.archlinux.org/pacman.git/commit/?id=808a4f15ce82d2ed7eeb06de73d0f313620558ee | Patch, Third Party Advisory
cve@mitre.org | https://git.archlinux.org/pacman.git/tree/src/pacman/conf.c?h=v5.1.3#n263 | Exploit, Third Party Advisory
cve@mitre.org | https://github.com/alpinelinux/alpine-secdb/blob/master/v3.11/community.yaml | Release Notes, Third Party Advisory
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2TTUXXUW5OCOASIRMJK4RHEPLEA33Y6C/
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K53C45EDWBU3UCN3IRIGR5EZUNWXS7BW/
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KIDJ4XKBZRRVRFFGKUA3ZU6NFIP5JUG3/
af854a3a-2127-422b-91ae-364da2661108 | https://git.archlinux.org/pacman.git/commit/?id=808a4f15ce82d2ed7eeb06de73d0f313620558ee | Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://git.archlinux.org/pacman.git/tree/src/pacman/conf.c?h=v5.1.3#n263 | Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/alpinelinux/alpine-secdb/blob/master/v3.11/community.yaml | Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2TTUXXUW5OCOASIRMJK4RHEPLEA33Y6C/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K53C45EDWBU3UCN3IRIGR5EZUNWXS7BW/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KIDJ4XKBZRRVRFFGKUA3ZU6NFIP5JUG3/
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:pacman_project:pacman:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCDE0768-C5FE-4636-9E00-259D578D8B24",
                     versionEndExcluding: "5.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                     matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
                     matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                     matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "pacman before 5.2 is vulnerable to arbitrary command injection in conf.c in the download_with_xfercommand() function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must enable a non-default XferCommand and retrieve an attacker-controlled crafted database and package.",
      },
      {
         lang: "es",
         value: "pacman versiones anteriores a 5.2,  es vulnerable a una inyección de comandos arbitraria en el archivo conf.c en la función download_with_xfercommand(). Esto puede ser explotado cuando son usadas las bases de datos sin firma. Para explotar la vulnerabilidad, el usuario debe habilitar un XferCommand no predeterminado y recuperar una base de datos y un paquete diseñados y controlados por el atacante.",
      },
   ],
   id: "CVE-2019-18182",
   lastModified: "2024-11-21T04:32:47.003",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-02-24T15:15:11.377",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://git.archlinux.org/pacman.git/commit/?id=808a4f15ce82d2ed7eeb06de73d0f313620558ee",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://git.archlinux.org/pacman.git/tree/src/pacman/conf.c?h=v5.1.3#n263",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/alpinelinux/alpine-secdb/blob/master/v3.11/community.yaml",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2TTUXXUW5OCOASIRMJK4RHEPLEA33Y6C/",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K53C45EDWBU3UCN3IRIGR5EZUNWXS7BW/",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KIDJ4XKBZRRVRFFGKUA3ZU6NFIP5JUG3/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://git.archlinux.org/pacman.git/commit/?id=808a4f15ce82d2ed7eeb06de73d0f313620558ee",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://git.archlinux.org/pacman.git/tree/src/pacman/conf.c?h=v5.1.3#n263",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/alpinelinux/alpine-secdb/blob/master/v3.11/community.yaml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2TTUXXUW5OCOASIRMJK4RHEPLEA33Y6C/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K53C45EDWBU3UCN3IRIGR5EZUNWXS7BW/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KIDJ4XKBZRRVRFFGKUA3ZU6NFIP5JUG3/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-78",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}