Lucene search

K

RedhatCVELIST:CVE-2021-20271

HistoryMar 26, 2021 - 12:00 a.m.

CVE-2021-20271

2021-03-2600:00:00

CWE-345

redhat

www.cve.org

10

rpm

signature check

vulnerability

database corruption

code execution

data integrity

confidentiality

system availability

AI Score

7.3

Confidence

High

EPSS

0.002

Percentile

61.2%

A flaw was found in RPM’s signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "rpm",
    "versions": [
      {
        "version": "all versions",
        "status": "affected"
      }
    ]
  }
]

References

bugzilla.redhat.com/show_bug.cgi?id=1934125

github.com/rpm-software-management/rpm/commit/d6a86b5e69e46cc283b1e06c92343319beb42e21

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY/

security.gentoo.org/glsa/202107-43

www.starwindsoftware.com/security/sw-20220805-0002/

AI Score

7.3

Confidence

High

EPSS

0.002

Percentile

61.2%

Related for CVELIST:CVE-2021-20271

nessus50 photon8 cbl_mariner1 openvas28 redhatcve1 ubuntucve1 redhat17 f51 veracode1 osv3 alpinelinux1 oraclelinux2 debiancve1 prion1 almalinux1 ibm5 cve1 nvd1 centos1 rocky1 amazon2 suse3 fedora3 aix1 mageia1 ubuntu1 gentoo1