VIR Vulnerability Intelligence Relay

CVE-2013-6435

high
Published 2014-12-16 · Modified 2026-05-06
CVSS v3
CVSS v2
7.6
VIR risk
7.6

Description

Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2013-6435

OS impact
OSVersionStatusFixed in
debian debian7.0affected
debian debianbookwormfixed4.11.3-1.1
debian debianbullseyefixed4.11.3-1.1
debian debianforkyfixed4.11.3-1.1
debian debiansidfixed4.11.3-1.1
debian debiantrixiefixed4.11.3-1.1

Application impact
VendorProductVersionsFixed
rpmrpm{"endIncluding":"4.11.1"}
rpmrpm1.2
rpmrpm1.3
rpmrpm1.3.1
rpmrpm1.4
rpmrpm1.4.1
rpmrpm1.4.2
rpmrpm1.4.2\/a
rpmrpm1.4.3
rpmrpm1.4.4
rpmrpm1.4.5
rpmrpm1.4.6
rpmrpm1.4.7
rpmrpm2.0
rpmrpm2.0.1
rpmrpm2.0.2
rpmrpm2.0.3
rpmrpm2.0.4
rpmrpm2.0.5
rpmrpm2.0.6
rpmrpm2.0.7
rpmrpm2.0.8
rpmrpm2.0.9
rpmrpm2.0.10
rpmrpm2.0.11
rpmrpm2.1
rpmrpm2.1.1
rpmrpm2.1.2
rpmrpm2.2
rpmrpm2.2.1
rpmrpm2.2.2
rpmrpm2.2.3
rpmrpm2.2.3.10
rpmrpm2.2.3.11
rpmrpm2.2.4
rpmrpm2.2.5
rpmrpm2.2.6
rpmrpm2.2.7
rpmrpm2.2.8
rpmrpm2.2.9
rpmrpm2.2.10
rpmrpm2.2.11
rpmrpm2.3
rpmrpm2.3.1
rpmrpm2.3.2
rpmrpm2.3.3
rpmrpm2.3.4
rpmrpm2.3.5
rpmrpm2.3.6
rpmrpm2.3.7
rpmrpm2.3.8
rpmrpm2.3.9
rpmrpm2.4.1
rpmrpm2.4.2
rpmrpm2.4.3
rpmrpm2.4.4
rpmrpm2.4.5
rpmrpm2.4.6
rpmrpm2.4.8
rpmrpm2.4.9
rpmrpm2.4.11
rpmrpm2.4.12
rpmrpm2.5
rpmrpm2.5.1
rpmrpm2.5.2
rpmrpm2.5.3
rpmrpm2.5.4
rpmrpm2.5.5
rpmrpm2.5.6
rpmrpm2.6.7
rpmrpm3.0
rpmrpm3.0.1
rpmrpm3.0.2
rpmrpm3.0.3
rpmrpm3.0.4
rpmrpm3.0.5
rpmrpm3.0.6
rpmrpm4.0.
rpmrpm4.0.1
rpmrpm4.0.2
rpmrpm4.0.3
rpmrpm4.0.4
rpmrpm4.1
rpmrpm4.3.3
rpmrpm4.4.2.1
rpmrpm4.4.2.2
rpmrpm4.4.2.3
rpmrpm4.5.90
rpmrpm4.6.0
rpmrpm4.6.1
rpmrpm4.7.0
rpmrpm4.7.1
rpmrpm4.7.2
rpmrpm4.8.0
rpmrpm4.8.1
rpmrpm4.9.0
rpmrpm4.9.1
rpmrpm4.9.1.1
rpmrpm4.9.1.2
rpmrpm4.10.0
rpmrpm4.10.1
rpmrpm4.10.2

References

CWEs

CWE-74

Verify integrity in audit chain (admin only). AS-IS.