CVE-2021-20271

A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:rpm:rpm:*:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:*:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.15.0:alpha:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.15.0:beta1:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.15.0:rc1:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.16.0:alpha:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.16.0:beta2:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.16.0:beta3:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.16.0:rc1:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build14398:*:*:*:*:*:*

History

12 Feb 2023, 22:15

Type Values Removed Values Added
References
  • {'url': 'https://access.redhat.com/security/cve/CVE-2021-20271', 'name': 'https://access.redhat.com/security/cve/CVE-2021-20271', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHBA-2021:2854', 'name': 'https://access.redhat.com/errata/RHBA-2021:2854', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2021:2574', 'name': 'https://access.redhat.com/errata/RHSA-2021:2574', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2021:4785', 'name': 'https://access.redhat.com/errata/RHSA-2021:4785', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2021:4975', 'name': 'https://access.redhat.com/errata/RHSA-2021:4975', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2021:4771', 'name': 'https://access.redhat.com/errata/RHSA-2021:4771', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2021:2791', 'name': 'https://access.redhat.com/errata/RHSA-2021:2791', 'tags': [], 'refsource': 'MISC'}

02 Feb 2023, 21:20

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/', 'name': 'FEDORA-2021-2383d950fd', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/', 'name': 'FEDORA-2021-8d52a8a999', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY/', 'name': 'FEDORA-2021-662680e477', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • (MISC) https://access.redhat.com/security/cve/CVE-2021-20271 -
  • (MISC) https://access.redhat.com/errata/RHBA-2021:2854 -
  • (MISC) https://access.redhat.com/errata/RHSA-2021:2574 -
  • (MISC) https://access.redhat.com/errata/RHSA-2021:4785 -
  • (MISC) https://access.redhat.com/errata/RHSA-2021:4975 -
  • (MISC) https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/ -
  • (MISC) https://access.redhat.com/errata/RHSA-2021:4771 -
  • (MISC) https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY/ -
  • (MISC) https://access.redhat.com/errata/RHSA-2021:2791 -
  • (MISC) https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/ -

25 Oct 2022, 16:42

Type Values Removed Values Added
CPE cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build14398:*:*:*:*:*:*
First Time Starwindsoftware starwind Virtual San
Starwindsoftware
References (MISC) https://www.starwindsoftware.com/security/sw-20220805-0002/ - (MISC) https://www.starwindsoftware.com/security/sw-20220805-0002/ - Third Party Advisory

11 Oct 2022, 22:15

Type Values Removed Values Added
References
  • (MISC) https://www.starwindsoftware.com/security/sw-20220805-0002/ -

10 Dec 2021, 19:50

Type Values Removed Values Added
References
  • (GENTOO) https://security.gentoo.org/glsa/202107-43 - Third Party Advisory

14 May 2021, 15:04

Type Values Removed Values Added
CPE cpe:2.3:a:rpm:rpm:4.15.0:alpha:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.16.0:beta2:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.16.0:alpha:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.16.0:beta3:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.15.0:rc1:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.15.0:beta1:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.16.0:rc1:*:*:*:*:*:*
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY/ - Mailing List, Third Party Advisory

07 Apr 2021, 18:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY/ -

31 Mar 2021, 19:29

Type Values Removed Values Added
References (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1934125 - (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1934125 - Issue Tracking, Patch, Third Party Advisory
References (MISC) https://github.com/rpm-software-management/rpm/commit/d6a86b5e69e46cc283b1e06c92343319beb42e21 - (MISC) https://github.com/rpm-software-management/rpm/commit/d6a86b5e69e46cc283b1e06c92343319beb42e21 - Patch, Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/ - Mailing List, Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/ - Mailing List, Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : 5.1
v3 : 7.0
CPE cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

30 Mar 2021, 17:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/ -

30 Mar 2021, 02:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/ -

26 Mar 2021, 17:18

Type Values Removed Values Added
New CVE

Information

Published : 2021-03-26 17:15

Updated : 2023-12-10 13:55


NVD link : CVE-2021-20271

Mitre link : CVE-2021-20271

CVE.ORG link : CVE-2021-20271


JSON object : View

Products Affected

fedoraproject

  • fedora

rpm

  • rpm

starwindsoftware

  • starwind_virtual_san

redhat

  • enterprise_linux
CWE
CWE-345

Insufficient Verification of Data Authenticity