PT-2021-7705 · Rpm+9

Demi M. Obenour · Published 2021-02-11 · Updated 2024-06-15 · CVE-2021-3421

CVSS v2.0: 7.1 (High)

Vector: AV:N/AC:M/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions

RPM versions prior to 4.17.0-alpha

Description

A flaw was found in the RPM package's read functionality, allowing an attacker to cause RPM database corruption by convincing a victim to install a seemingly verifiable package or compromising an RPM repository. The highest threat from this issue is to data integrity. Exploitation may also allow a remote attacker to impact data integrity due to incorrect cryptographic signature verification of data.

Recommendations

For versions prior to 4.17.0-alpha, update to version 4.17.0-alpha or later to resolve the issue. As a temporary workaround, consider restricting access to RPM repositories and verifying the integrity of packages before installation to minimize the risk of exploitation.

Fix

DoS

Improper Verification of Cryptographic Signature


Weakness Enumeration

Related Identifiers

ALT-PU-2021-2518
ALT-PU-2021-2600
BDU:2023-01683
CESA-2021_2574
CVE-2021-3421
MGASA-2021-0167
OESA-2021-1223
OPENSUSE-SU-2021:1366-1
OPENSUSE-SU-2021:2682-1
OPENSUSE-SU-2021:2685-1
OPENSUSE-SU-2021_1366-1
OPENSUSE-SU-2021_2682-1
OPENSUSE-SU-2021_2685-1
OPENSUSE-SU-2024:11305-1
RHSA-2021:2574
RHSA-2021:2791
RHSA-2021_2574
RLSA-2021:2574
SUSE-SU-2021:2682-1
SUSE-SU-2021:3444-1
SUSE-SU-2022:3939-1
USN-5273-1

Affected Products

ALT Linux
Astra Linux
CentOS
IBM AIX
Linux Mint
RPM
Red Hat
Rocky Linux
SUSE
Ubuntu