QwikSec

Security Database

CVE

CWE

Training

CVE-2021-20271

Published: Mar 26, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.

Vendor	Product	Versions
n/a	rpm	affected `all versions`

Weaknesses (CWE)

References

https://bugzilla.redhat.com/show_bug.cgi?id=1934125

https://github.com/rpm-software-management/rpm/commit/d6a86b5e69e46cc283b1e06c92343319beb42e21

FEDORA-2021-2383d950fd

vendor-advisory

FEDORA-2021-8d52a8a999

vendor-advisory

FEDORA-2021-662680e477

vendor-advisory

vendor-advisory

https://www.starwindsoftware.com/security/sw-20220805-0002/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.