A flaw was found in libdnf's signature verification functionality in versions before 0.60.1. This flaw allows an attacker to achieve code execution if they can alter the header information of an RPM package and then trick a user or system into installing it. The highest risk of this vulnerability is to confidentiality, integrity, as well as system availability.
References
Configurations
History
07 Nov 2023, 03:38
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
24 Feb 2022, 19:28
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 5.1
v3 : 7.5 |
02 Jun 2021, 14:58
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* cpe:2.3:a:rpm:libdnf:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* |
|
CWE | CWE-347 | |
CVSS |
v2 : v3 : |
v2 : 5.1
v3 : 8.8 |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DPMFGGQ5T6WVFTFX3OKMVTTM5O4EXWZR/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4NL7TNWAHJ6JVRABQUPWHKKCTHUZMNF/ - Mailing List, Third Party Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1932079 - Issue Tracking, Mitigation, Third Party Advisory |
19 May 2021, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-05-19 14:15
Updated : 2023-12-10 13:55
NVD link : CVE-2021-3445
Mitre link : CVE-2021-3445
CVE.ORG link : CVE-2021-3445
JSON object : View
Products Affected
fedoraproject
- fedora
redhat
- enterprise_linux
rpm
- libdnf
CWE
CWE-347
Improper Verification of Cryptographic Signature