DEBIAN-CVE-2010-2197

DEBIAN-CVE-2010-2197 PUBLISHED

rpmbuild in RPM 4.8.0 and earlier does not properly parse the syntax of spec files, which allows user-assisted remote attackers to remove home directories via vectors involving a ;~ (semicolon tilde) sequence in a Name tag.

Affected Products

Vendor	Product	Versions
Debian:12	rpm	0, 0, 0
Debian:14	rpm	0, 0, 0
Debian:13	rpm	0, 0, 0
Debian:11	rpm	0, 0, 0

Timeline

Jun 8, 2010 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2010-2197 advisory

Open in Interactive Console →