Back to search
CVE-2021-3445
Published: May 19, 2021
Modified: Aug 3, 2024
PUBLISHED
Description
A flaw was found in libdnf's signature verification functionality in versions before 0.60.1. This flaw allows an attacker to achieve code execution if they can alter the header information of an RPM package and then trick a user or system into installing it. The highest risk of this vulnerability is to confidentiality, integrity, as well as system availability.
| Vendor | Product | Versions |
|---|---|---|
n/a | libdnf | affected libdnf 0.60.1 |
Weaknesses (CWE)
References
FEDORA-2021-eadfc56b95
vendor-advisory
x_refsource_FEDORA
FEDORA-2021-c6802f0b69
vendor-advisory
x_refsource_FEDORA
https://bugzilla.redhat.com/show_bug.cgi?id=1932079
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now