Nixpkgs security tracker
7.0 HIGH
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Local (L)
- Attack Complexity (AC): High (H)
- Privileges Required (PR): None (N)
- User Interaction (UI): Required (R)
- Scope (S): Unchanged (U)
- Confidentiality (C): High (H)
- Integrity (I): High (H)
- Availability (A): High (H)
- Modified Attack Vector (MAV): Local (L)
- Modified Attack Complexity (MAC): High (H)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): Required (R)
- Modified Confidentiality (MC): High (H)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): High (H)
- Modified Availability (MA): High (H)
by @LeSuisse Activity log
- Created suggestion
-
@LeSuisse
ignored
21 packages
- makerpm
- rpm2targz
- rpm-ostree
- rpmextract
- rpm-sequoia
- perlPackages.RPM2
- perl5Packages.RPM2
- perl538Packages.RPM2
- perl540Packages.RPM2
- python312Packages.rpm
- python313Packages.rpm
- python314Packages.rpm
- haskellPackages.rpm-nvr
- haskellPackages.cabal-rpm
- python312Packages.rpmfile
- python313Packages.rpmfile
- python314Packages.rpmfile
- python312Packages.rpmfluff
- haskellPackages.select-rpms
- python314Packages.rpmfluff
- python313Packages.rpmfluff
- @LeSuisse accepted
- @LeSuisse published on GitHub
Rpm: command injection in rpmuncompress dountar() via unescaped archive top-level directory name in popen() shell command
A command injection vulnerability was discovered in the `rpmuncompress` utility of RPM. When extracting certain archive formats (ZIP, 7z, GEM) to a specified destination directory, the tool inserts the archive's top-level folder name into a shell command without properly sanitizing it. A specially crafted archive containing shell metacharacters in its folder name can execute arbitrary commands as the user running the extraction.
References
Affected products
Matching in nixpkgs
Ignored packages (21)
pkgs.makerpm
Clean, simple RPM packager reimplemented completely from scratch
pkgs.rpm2targz
Convert a .rpm file to a .tar.gz archive
-
nixos-unstable 2021.03.16
- nixpkgs-unstable 2021.03.16
- nixos-unstable-small 2021.03.16
-
nixos-25.11 2021.03.16
- nixos-25.11-small 2021.03.16
- nixpkgs-25.11-darwin 2021.03.16
pkgs.rpm-ostree
Hybrid image/package system. It uses OSTree as an image format, and uses RPM as a component model
pkgs.rpmextract
Script to extract RPM archives
pkgs.rpm-sequoia
OpenPGP backend for rpm using Sequoia PGP
pkgs.perlPackages.RPM2
Perl bindings for the RPM Package Manager API
pkgs.perl5Packages.RPM2
Perl bindings for the RPM Package Manager API
pkgs.perl538Packages.RPM2
Perl bindings for the RPM Package Manager API
pkgs.perl540Packages.RPM2
Perl bindings for the RPM Package Manager API
pkgs.python312Packages.rpm
RPM package manager
pkgs.python313Packages.rpm
RPM package manager
pkgs.python314Packages.rpm
RPM package manager
pkgs.haskellPackages.rpm-nvr
RPM package name-version-release data types
pkgs.haskellPackages.cabal-rpm
RPM packaging tool for Haskell Cabal-based packages
pkgs.python312Packages.rpmfile
Read rpm archive files
pkgs.python313Packages.rpmfile
Read rpm archive files
pkgs.python314Packages.rpmfile
Read rpm archive files
pkgs.python312Packages.rpmfluff
Lightweight way of building RPMs, and sabotaging them
pkgs.python313Packages.rpmfluff
Lightweight way of building RPMs, and sabotaging them
pkgs.python314Packages.rpmfluff
Lightweight way of building RPMs, and sabotaging them