pacman before 5.2 is vulnerable to arbitrary command injection in lib/libalpm/sync.c in the apply_deltas() function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must enable the non-default delta feature and retrieve an attacker-controlled crafted database and delta file.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-02-24T14:36:18

Updated: 2024-08-05T01:47:13.529Z

Reserved: 2019-10-17T00:00:00

Link: CVE-2019-18183

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-02-24T15:15:11.457

Modified: 2024-11-21T04:32:47.153

Link: CVE-2019-18183

cve-icon Redhat

No data.