PT-2021-4276 · Libdnf+6

Demi M. Obenour +1 · Published 2021-03-16 · Updated 2024-02-02 · CVE-2021-3445

CVSS v3.1: 6.4 (Medium)
Vector: AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

libdnf versions prior to 0.60.1

Description

The issue is an error in the signature verification function of libdnf, the library that manages packages. It could allow a remote attacker to access confidential data, compromise data integrity, and cause a denial of service. An attacker can achieve code execution by altering the header information of an RPM package and tricking a user or system into installing it, posing a risk to confidentiality, integrity, and system availability.

Recommendations

For versions prior to 0.60.1, update to version 0.60.1 or later to resolve the issue. As a temporary workaround, consider restricting the installation of RPM packages from untrusted sources to minimize the risk of exploitation.

Fix

Weakness Enumeration

Improper Verification of Cryptographic Signature

Related Identifiers

ALSA-2021:4464
ALT-PU-2024-1362
ALT-PU-2024-1363
ALT-PU-2024-1610
BDU:2021-04884
CESA-2021_4464
CVE-2021-3445
OESA-2021-1224
OPENSUSE-SU-2021:2685-1
OPENSUSE-SU-2021_2685-1
OPENSUSE-SU-2024:10934-1
RHSA-2021:4464
RHSA-2021_4464
RLSA-2021:4464

Affected Products

Alt Linux
AlmaLinux
CentOS
Red Hat
Rocky Linux
SUSE
Libdnf