{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_vex", "csaf_version": "2.0", "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "title": "Signature checking function returned success on (possibly malicious ) rpm packages", "tracking": { "current_release_date": "2026-05-07T12:27:16+00:00", "generator": { "date": "2026-05-07T12:27:16+00:00", "engine": { "name": "CSAF Generator", "version": "2.0.1" } }, "id": "CVE-2012-6088", "initial_release_date": "2023-02-13T00:00:00+00:00", "revision_history": [ { "date": "2026-05-07T12:27:16+00:00", "number": "1", "summary": "Last generated version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "category": "vendor", "name": "Red Hat", "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux 6-els", "product": { "name": "Red Hat Enterprise Linux 6-els", "product_id": "rhel-6-els.els", "product_identification_helper": { "cpe": "cpe:/o:redhat:rhel_els:6" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux 7-els", "product": { "name": "Red Hat Enterprise Linux 7-els", "product_id": "rhel-7-els.els", "product_identification_helper": { "cpe": "cpe:/o:redhat:rhel_els:7" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux 8.10.z", "product": { "name": "Red Hat Enterprise Linux 8.10.z", "product_id": "rhel-8.10.z", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:8" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux 8.2.0.z", "product": { "name": "Red Hat Enterprise Linux 8.2.0.z", "product_id": "rhel-8.2.0.z.aus", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_aus:8.2" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux 8.4.0.z", "product": { "name": "Red Hat Enterprise Linux 8.4.0.z", "product_id": "rhel-8.4.0.z.eus", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_eus:8.4" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux 8.6.0.z", "product": { "name": "Red Hat Enterprise Linux 8.6.0.z", "product_id": "rhel-8.6.0.z.eus", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_eus:8.6" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux 8.8.0.z", "product": { "name": "Red Hat Enterprise Linux 8.8.0.z", "product_id": "rhel-8.8.0.z.eus", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_eus:8.8" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux 9.0.0.z", "product": { "name": "Red Hat Enterprise Linux 9.0.0.z", "product_id": "rhel-9.0.0.z.eus", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_eus:9.0" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux 9.2.0.z", "product": { "name": "Red Hat Enterprise Linux 9.2.0.z", "product_id": "rhel-9.2.0.z.eus", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_eus:9.2" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux 9.4.z", "product": { "name": "Red Hat Enterprise Linux 9.4.z", "product_id": "rhel-9.4.z.eus", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_eus:9.4" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux 9.6.z", "product": { "name": "Red Hat Enterprise Linux 9.6.z", "product_id": "rhel-9.6.z.eus", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_eus:9.6" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux 9.7", "product": { "name": "Red Hat Enterprise Linux 9.7", "product_id": "rhel-9.7", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:9" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux 9.7.z", "product": { "name": "Red Hat Enterprise Linux 9.7.z", "product_id": "rhel-9.7.z", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:9" } } }, { "category": "product_version", "name": "rpm", "product": { "name": "rpm", "product_id": "rpm.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rpm?arch=src" } } } ] } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rpm.src as a component of Red Hat Enterprise Linux 9.7.z", "product_id": "rhel-9.7.z:rpm.src" }, "product_reference": "rpm.src", "relates_to_product_reference": "rhel-9.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "rpm.src as a component of Red Hat Enterprise Linux 8.6.0.z", "product_id": "rhel-8.6.0.z.eus:rpm.src" }, "product_reference": "rpm.src", "relates_to_product_reference": "rhel-8.6.0.z.eus" }, { "category": "default_component_of", "full_product_name": { "name": "rpm.src as a component of Red Hat Enterprise Linux 7-els", "product_id": "rhel-7-els.els:rpm.src" }, "product_reference": "rpm.src", "relates_to_product_reference": "rhel-7-els.els" }, { "category": "default_component_of", "full_product_name": { "name": "rpm.src as a component of Red Hat Enterprise Linux 8.2.0.z", "product_id": "rhel-8.2.0.z.aus:rpm.src" }, "product_reference": "rpm.src", "relates_to_product_reference": "rhel-8.2.0.z.aus" }, { "category": "default_component_of", "full_product_name": { "name": "rpm.src as a component of Red Hat Enterprise Linux 8.10.z", "product_id": "rhel-8.10.z:rpm.src" }, "product_reference": "rpm.src", "relates_to_product_reference": "rhel-8.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "rpm.src as a component of Red Hat Enterprise Linux 8.8.0.z", "product_id": "rhel-8.8.0.z.eus:rpm.src" }, "product_reference": "rpm.src", "relates_to_product_reference": "rhel-8.8.0.z.eus" }, { "category": "default_component_of", "full_product_name": { "name": "rpm.src as a component of Red Hat Enterprise Linux 9.2.0.z", "product_id": "rhel-9.2.0.z.eus:rpm.src" }, "product_reference": "rpm.src", "relates_to_product_reference": "rhel-9.2.0.z.eus" }, { "category": "default_component_of", "full_product_name": { "name": "rpm.src as a component of Red Hat Enterprise Linux 6-els", "product_id": "rhel-6-els.els:rpm.src" }, "product_reference": "rpm.src", "relates_to_product_reference": "rhel-6-els.els" }, { "category": "default_component_of", "full_product_name": { "name": "rpm.src as a component of Red Hat Enterprise Linux 8.4.0.z", "product_id": "rhel-8.4.0.z.eus:rpm.src" }, "product_reference": "rpm.src", "relates_to_product_reference": "rhel-8.4.0.z.eus" }, { "category": "default_component_of", "full_product_name": { "name": "rpm.src as a component of Red Hat Enterprise Linux 9.4.z", "product_id": "rhel-9.4.z.eus:rpm.src" }, "product_reference": "rpm.src", "relates_to_product_reference": "rhel-9.4.z.eus" }, { "category": "default_component_of", "full_product_name": { "name": "rpm.src as a component of Red Hat Enterprise Linux 9.0.0.z", "product_id": "rhel-9.0.0.z.eus:rpm.src" }, "product_reference": "rpm.src", "relates_to_product_reference": "rhel-9.0.0.z.eus" }, { "category": "default_component_of", "full_product_name": { "name": "rpm.src as a component of Red Hat Enterprise Linux 9.7", "product_id": "rhel-9.7:rpm.src" }, "product_reference": "rpm.src", "relates_to_product_reference": "rhel-9.7" }, { "category": "default_component_of", "full_product_name": { "name": "rpm.src as a component of Red Hat Enterprise Linux 9.6.z", "product_id": "rhel-9.6.z.eus:rpm.src" }, "product_reference": "rpm.src", "relates_to_product_reference": "rhel-9.6.z.eus" } ] }, "vulnerabilities": [ { "cve": "CVE-2012-6088", "cwe": { "id": "CWE-347", "name": "Improper Verification of Cryptographic Signature" }, "discovery_date": "2023-02-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "rhel-6-els.els:rpm.src", "rhel-7-els.els:rpm.src", "rhel-8.10.z:rpm.src", "rhel-8.2.0.z.aus:rpm.src", "rhel-8.4.0.z.eus:rpm.src", "rhel-8.6.0.z.eus:rpm.src", "rhel-8.8.0.z.eus:rpm.src", "rhel-9.0.0.z.eus:rpm.src", "rhel-9.2.0.z.eus:rpm.src", "rhel-9.4.z.eus:rpm.src", "rhel-9.6.z.eus:rpm.src", "rhel-9.7.z:rpm.src", "rhel-9.7:rpm.src" ] } ], "notes": [ { "category": "description", "text": "A flaw was found in rpm. The rpmpkgRead function in lib/package.c in the RPM package does not return an error code in certain situations involving an \"unparseable signature.\" This flaw allows remote attackers to bypass RPM signature checks via a crafted package.", "title": "Vulnerability description" } ], "product_status": { "known_not_affected": [ "rhel-6-els.els:rpm.src", "rhel-7-els.els:rpm.src", "rhel-8.10.z:rpm.src", "rhel-8.2.0.z.aus:rpm.src", "rhel-8.4.0.z.eus:rpm.src", "rhel-8.6.0.z.eus:rpm.src", "rhel-8.8.0.z.eus:rpm.src", "rhel-9.0.0.z.eus:rpm.src", "rhel-9.2.0.z.eus:rpm.src", "rhel-9.4.z.eus:rpm.src", "rhel-9.6.z.eus:rpm.src", "rhel-9.7.z:rpm.src", "rhel-9.7:rpm.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-6088" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6088" }, { "category": "external", "summary": "www.cve.org", "url": "https://www.cve.org/CVERecord?id=CVE-2012-6088" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "baseScore": 6.2, "baseSeverity": "MEDIUM" }, "products": [ "rhel-6-els.els:rpm.src", "rhel-7-els.els:rpm.src", "rhel-8.10.z:rpm.src", "rhel-8.2.0.z.aus:rpm.src", "rhel-8.4.0.z.eus:rpm.src", "rhel-8.6.0.z.eus:rpm.src", "rhel-8.8.0.z.eus:rpm.src", "rhel-9.0.0.z.eus:rpm.src", "rhel-9.2.0.z.eus:rpm.src", "rhel-9.4.z.eus:rpm.src", "rhel-9.6.z.eus:rpm.src", "rhel-9.7.z:rpm.src", "rhel-9.7:rpm.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate", "product_ids": [ "rhel-6-els.els:rpm.src", "rhel-7-els.els:rpm.src", "rhel-8.10.z:rpm.src", "rhel-8.2.0.z.aus:rpm.src", "rhel-8.4.0.z.eus:rpm.src", "rhel-8.6.0.z.eus:rpm.src", "rhel-8.8.0.z.eus:rpm.src", "rhel-9.0.0.z.eus:rpm.src", "rhel-9.2.0.z.eus:rpm.src", "rhel-9.4.z.eus:rpm.src", "rhel-9.6.z.eus:rpm.src", "rhel-9.7.z:rpm.src", "rhel-9.7:rpm.src" ] } ], "title": "Signature checking function returned success on (possibly malicious ) rpm packages" } ] }