CVE-2017-7501

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2017-7501
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-7501.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-7501
Downstream
Related
Published
2017-11-22T22:29:00Z
Modified
2025-10-15T09:05:37.758005Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.

References

Affected packages

Git / github.com/rpm-software-management/rpm

Affected ranges

Type
GIT
Repo
https://github.com/rpm-software-management/rpm
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
404ef011c300207cdb1e531670384564aae04bdc

Affected versions

rpm-4.*

rpm-4.11.0-alpha
rpm-4.12.0-alpha
rpm-4.13.0-alpha
rpm-4.4-release
rpm-4.4.1-release
rpm-4.4.2-release
rpm-4.4.2.1-rc1
rpm-4.4.2.1-rc2
rpm-4.8.0-beta1

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "id": "CVE-2017-7501-877c3c7d",
        "deprecated": false,
        "digest": {
            "function_hash": "219412099653592758534984861251244086760",
            "length": 709.0
        },
        "signature_type": "Function",
        "source": "https://github.com/rpm-software-management/rpm/commit/404ef011c300207cdb1e531670384564aae04bdc",
        "target": {
            "file": "lib/fsm.c",
            "function": "fsmMkfile"
        }
    },
    {
        "signature_version": "v1",
        "id": "CVE-2017-7501-8ba28e5e",
        "deprecated": false,
        "digest": {
            "function_hash": "235890607565210547971153495450584611139",
            "length": 453.0
        },
        "signature_type": "Function",
        "source": "https://github.com/rpm-software-management/rpm/commit/404ef011c300207cdb1e531670384564aae04bdc",
        "target": {
            "file": "lib/fsm.c",
            "function": "expandRegular"
        }
    },
    {
        "signature_version": "v1",
        "id": "CVE-2017-7501-d085377d",
        "deprecated": false,
        "digest": {
            "function_hash": "251019406392800688581139521858527161792",
            "length": 3231.0
        },
        "signature_type": "Function",
        "source": "https://github.com/rpm-software-management/rpm/commit/404ef011c300207cdb1e531670384564aae04bdc",
        "target": {
            "file": "lib/fsm.c",
            "function": "rpmPackageFilesInstall"
        }
    },
    {
        "signature_version": "v1",
        "id": "CVE-2017-7501-e0955c97",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "144376135701053748812605237488036081449",
                "25428771601547806734303775674084354233",
                "271352173659907402745120384815022514709",
                "104794687092458268605734081123103534822",
                "307450884884098676009586619517698205102",
                "63897467800881485416784004900383864668",
                "297234319454878491192390807548114109359",
                "220510232581077913716693910525538938251",
                "317158261814924714448336374437296090185",
                "234525942236946796290087818026749963995",
                "3478167517348178953598863853572660803",
                "265952864534696095245447318455621002924",
                "228759896895832869303370999116506398117",
                "319202708398058262984572471973108275738",
                "206534958941755285883795960989672813241",
                "132265430915805725789224965145563545929",
                "334006586746271393922305274983548605274",
                "330468114636358543994562472419442221872",
                "323606649131829387621601194132249202428",
                "243456054255639250598532073180348662532",
                "178298518237348035648923208230063467617",
                "339520469317884756584824955627241296269",
                "274900824700914748171417536367975980823",
                "213161985280052891919047307010044412497"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "source": "https://github.com/rpm-software-management/rpm/commit/404ef011c300207cdb1e531670384564aae04bdc",
        "target": {
            "file": "lib/fsm.c"
        }
    }
]