CVE-2021-20271
Description
A flaw was found in RPMs signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.
Risk Information
Base Score
7.0
MODERATE
Vector
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.228
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Python3-rpm update (ELSA-2021-2574) python3-rpm-4.14.3-14.el8_4.x86_64.rpm | Linux |
| Rpm update (ELSA-2021-2574) rpm-4.14.3-14.el8_4.x86_64.rpm | Linux |
| Rpm-apidocs update (ELSA-2021-2574) rpm-apidocs-4.14.3-14.el8_4.noarch.rpm | Linux |
| Rpm-build update (ELSA-2021-2574) rpm-build-4.14.3-14.el8_4.x86_64.rpm | Linux |
| Rpm-build-libs update (ELSA-2021-2574) rpm-build-libs-4.14.3-14.el8_4.i686.rpm | Linux |
| Rpm-build-libs update (ELSA-2021-2574) rpm-build-libs-4.14.3-14.el8_4.x86_64.rpm | Linux |
| Rpm-cron update (ELSA-2021-2574) rpm-cron-4.14.3-14.el8_4.noarch.rpm | Linux |
| Rpm-devel update (ELSA-2021-2574) rpm-devel-4.14.3-14.el8_4.i686.rpm | Linux |
| Rpm-devel update (ELSA-2021-2574) rpm-devel-4.14.3-14.el8_4.x86_64.rpm | Linux |
| Rpm-libs update (ELSA-2021-2574) rpm-libs-4.14.3-14.el8_4.i686.rpm | Linux |
| Rpm-libs update (ELSA-2021-2574) rpm-libs-4.14.3-14.el8_4.x86_64.rpm | Linux |
| Rpm-plugin-fapolicyd update (ELSA-2021-2574) rpm-plugin-fapolicyd-4.14.3-14.el8_4.x86_64.rpm | Linux |
| Rpm-plugin-ima update (ELSA-2021-2574) rpm-plugin-ima-4.14.3-14.el8_4.x86_64.rpm | Linux |
| Rpm-plugin-prioreset update (ELSA-2021-2574) rpm-plugin-prioreset-4.14.3-14.el8_4.x86_64.rpm | Linux |
| Rpm-plugin-selinux update (ELSA-2021-2574) rpm-plugin-selinux-4.14.3-14.el8_4.x86_64.rpm | Linux |
| Rpm-plugin-syslog update (ELSA-2021-2574) rpm-plugin-syslog-4.14.3-14.el8_4.x86_64.rpm | Linux |
| Rpm-plugin-systemd-inhibit update (ELSA-2021-2574) rpm-plugin-systemd-inhibit-4.14.3-14.el8_4.x86_64.rpm | Linux |
| Rpm-sign update (ELSA-2021-2574) rpm-sign-4.14.3-14.el8_4.x86_64.rpm | Linux |
| (RHSA-2021:2574) rpm security update python3-rpm-4.14.3-14.el8_4.x86_64.rpm | Linux |
| (RHSA-2021:2574) rpm security update rpm-4.14.3-14.el8_4.x86_64.rpm | Linux |
| (RHSA-2021:2574) rpm security update rpm-apidocs-4.14.3-14.el8_4.noarch.rpm | Linux |
| (RHSA-2021:2574) rpm security update rpm-build-4.14.3-14.el8_4.x86_64.rpm | Linux |
| (RHSA-2021:2574) rpm security update rpm-build-libs-4.14.3-14.el8_4.i686.rpm | Linux |
| (RHSA-2021:2574) rpm security update rpm-build-libs-4.14.3-14.el8_4.x86_64.rpm | Linux |
| (RHSA-2021:2574) rpm security update rpm-cron-4.14.3-14.el8_4.noarch.rpm | Linux |
| (RHSA-2021:2574) rpm security update rpm-debugsource-4.14.3-14.el8_4.i686.rpm | Linux |
| (RHSA-2021:2574) rpm security update rpm-debugsource-4.14.3-14.el8_4.x86_64.rpm | Linux |
| (RHSA-2021:2574) rpm security update rpm-devel-4.14.3-14.el8_4.i686.rpm | Linux |
| (RHSA-2021:2574) rpm security update rpm-devel-4.14.3-14.el8_4.x86_64.rpm | Linux |
| (RHSA-2021:2574) rpm security update rpm-libs-4.14.3-14.el8_4.i686.rpm | Linux |
| (RHSA-2021:2574) rpm security update rpm-libs-4.14.3-14.el8_4.x86_64.rpm | Linux |
| (RHSA-2021:2574) rpm security update rpm-plugin-fapolicyd-4.14.3-14.el8_4.x86_64.rpm | Linux |
| (RHSA-2021:2574) rpm security update rpm-plugin-ima-4.14.3-14.el8_4.x86_64.rpm | Linux |
| (RHSA-2021:2574) rpm security update rpm-plugin-prioreset-4.14.3-14.el8_4.x86_64.rpm | Linux |
| (RHSA-2021:2574) rpm security update rpm-plugin-selinux-4.14.3-14.el8_4.x86_64.rpm | Linux |
| (RHSA-2021:2574) rpm security update rpm-plugin-syslog-4.14.3-14.el8_4.x86_64.rpm | Linux |
| (RHSA-2021:2574) rpm security update rpm-plugin-systemd-inhibit-4.14.3-14.el8_4.x86_64.rpm | Linux |
| (RHSA-2021:2574) rpm security update rpm-sign-4.14.3-14.el8_4.x86_64.rpm | Linux |
| (RHSA-2021:4785) rpm security update rpm-4.11.3-48.el7_9.x86_64.rpm | Linux |
| (RHSA-2021:4785) rpm security update rpm-apidocs-4.11.3-48.el7_9.noarch.rpm | Linux |
| (RHSA-2021:4785) rpm security update rpm-build-4.11.3-48.el7_9.x86_64.rpm | Linux |
| (RHSA-2021:4785) rpm security update rpm-build-libs-4.11.3-48.el7_9.i686.rpm | Linux |
| (RHSA-2021:4785) rpm security update rpm-build-libs-4.11.3-48.el7_9.x86_64.rpm | Linux |
| (RHSA-2021:4785) rpm security update rpm-cron-4.11.3-48.el7_9.noarch.rpm | Linux |
| (RHSA-2021:4785) rpm security update rpm-devel-4.11.3-48.el7_9.i686.rpm | Linux |
| (RHSA-2021:4785) rpm security update rpm-devel-4.11.3-48.el7_9.x86_64.rpm | Linux |
| (RHSA-2021:4785) rpm security update rpm-libs-4.11.3-48.el7_9.i686.rpm | Linux |
| (RHSA-2021:4785) rpm security update rpm-libs-4.11.3-48.el7_9.x86_64.rpm | Linux |
| (RHSA-2021:4785) rpm security update rpm-plugin-systemd-inhibit-4.11.3-48.el7_9.x86_64.rpm | Linux |
| (RHSA-2021:4785) rpm security update rpm-python-4.11.3-48.el7_9.x86_64.rpm | Linux |
| (RHSA-2021:4785) rpm security update rpm-sign-4.11.3-48.el7_9.x86_64.rpm | Linux |
| Rpm update (ELSA-2021-4785) rpm-4.11.3-48.el7_9.x86_64.rpm | Linux |
| Rpm-apidocs update (ELSA-2021-4785) rpm-apidocs-4.11.3-48.el7_9.noarch.rpm | Linux |
| Rpm-build update (ELSA-2021-4785) rpm-build-4.11.3-48.el7_9.x86_64.rpm | Linux |
| Rpm-build-libs update (ELSA-2021-4785) rpm-build-libs-4.11.3-48.el7_9.i686.rpm | Linux |
| Rpm-build-libs update (ELSA-2021-4785) rpm-build-libs-4.11.3-48.el7_9.x86_64.rpm | Linux |
| Rpm-cron update (ELSA-2021-4785) rpm-cron-4.11.3-48.el7_9.noarch.rpm | Linux |
| Rpm-devel update (ELSA-2021-4785) rpm-devel-4.11.3-48.el7_9.i686.rpm | Linux |
| Rpm-devel update (ELSA-2021-4785) rpm-devel-4.11.3-48.el7_9.x86_64.rpm | Linux |
| Rpm-libs update (ELSA-2021-4785) rpm-libs-4.11.3-48.el7_9.i686.rpm | Linux |
| Rpm-libs update (ELSA-2021-4785) rpm-libs-4.11.3-48.el7_9.x86_64.rpm | Linux |
| Rpm-plugin-systemd-inhibit update (ELSA-2021-4785) rpm-plugin-systemd-inhibit-4.11.3-48.el7_9.x86_64.rpm | Linux |
| Rpm-python update (ELSA-2021-4785) rpm-python-4.11.3-48.el7_9.x86_64.rpm | Linux |
| Rpm-sign update (ELSA-2021-4785) rpm-sign-4.11.3-48.el7_9.x86_64.rpm | Linux |
| SUSE-SU-2022:3939-1(SUSE Linux Enterprise Server 12-SP5 ) python3-rpm-4.11.2-16.26.1.x86_64.rpm | Linux |
| SUSE-SU-2022:3939-1(SUSE Linux Enterprise Server 12-SP5 ) python3-rpm-debuginfo-4.11.2-16.26.1.x86_64.rpm | Linux |
| SUSE-SU-2022:3939-1(SUSE Linux Enterprise Server 12-SP5 ) python3-rpm-debugsource-4.11.2-16.26.1.x86_64.rpm | Linux |
| SUSE-SU-2022:3939-1(SUSE Linux Enterprise Server 12-SP5 ) rpm-32bit-4.11.2-16.26.1.x86_64.rpm | Linux |
| SUSE-SU-2022:3939-1(SUSE Linux Enterprise Server 12-SP5 ) rpm-build-4.11.2-16.26.1.x86_64.rpm | Linux |
| SUSE-SU-2022:3939-1(SUSE Linux Enterprise Server 12-SP5 ) rpm-build-debuginfo-4.11.2-16.26.1.x86_64.rpm | Linux |
| SUSE-SU-2022:3939-1(SUSE Linux Enterprise Server 12-SP5 ) rpm-debuginfo-32bit-4.11.2-16.26.1.x86_64.rpm | Linux |
| SUSE-SU-2022:3939-1(SUSE Linux Enterprise Server 12-SP5 ) rpm-python-4.11.2-16.26.1.x86_64.rpm | Linux |
| SUSE-SU-2022:3939-1(SUSE Linux Enterprise Server 12-SP5 ) rpm-python-debuginfo-4.11.2-16.26.1.x86_64.rpm | Linux |
| SUSE-SU-2022:3939-1(SUSE Linux Enterprise Server 12-SP5 ) rpm-python-debugsource-4.11.2-16.26.1.x86_64.rpm | Linux |
| SUSE-SU-2022:3939-1(SUSE Linux Enterprise Server 12-SP5 ) rpm-4.11.2-16.26.1.x86_64.rpm | Linux |
| SUSE-SU-2022:3939-1(SUSE Linux Enterprise Server 12-SP5 ) rpm-debuginfo-4.11.2-16.26.1.x86_64.rpm | Linux |
| SUSE-SU-2022:3939-1(SUSE Linux Enterprise Server 12-SP5 ) rpm-debugsource-4.11.2-16.26.1.x86_64.rpm | Linux |
| SUSE-SU-2021:2682-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) rpm-4.14.3-37.2.x86_64.rpm | Linux |
| SUSE-SU-2021:2682-1(SUSE Linux Enterprise Module for Development Tools 15-SP3 ) rpm-debuginfo-4.14.3-37.2.x86_64.rpm | Linux |
| SUSE-SU-2021:2682-1(SUSE Linux Enterprise Module for Development Tools 15-SP3 ) rpm-debugsource-4.14.3-37.2.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) wayland-devel-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-egl1-99~1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-client0-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-cursor0-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-server0-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) wayland-debugsource-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) wayland-devel-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-client0-32bit-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-server0-32bit-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-egl1-debuginfo-99~1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-client0-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-cursor0-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-server0-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-client0-32bit-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-server0-32bit-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| (RHSA-2021:4785)Moderate: security update rpm-debuginfo-4.11.3-48.el7_9.i686.rpm | Linux |
| (RHSA-2021:4785)Moderate: security update rpm-debuginfo-4.11.3-48.el7_9.x86_64.rpm | Linux |
| rpm Security Update (ALAS-2021-1689) rpm-4.11.3-40.amzn2.0.6.x86_64.rpm | Linux |
| rpm Security Update (ALAS-2021-1689) rpm-cron-4.11.3-40.amzn2.0.6.noarch.rpm | Linux |
| rpm Security Update (ALAS-2021-1689) rpm-libs-4.11.3-40.amzn2.0.6.i686.rpm | Linux |
| rpm Security Update (ALAS-2021-1689) rpm-libs-4.11.3-40.amzn2.0.6.x86_64.rpm | Linux |
| rpm Security Update (ALAS-2021-1689) rpm-sign-4.11.3-40.amzn2.0.6.x86_64.rpm | Linux |
| rpm Security Update (ALAS-2021-1689) rpm-build-4.11.3-40.amzn2.0.6.x86_64.rpm | Linux |
| rpm Security Update (ALAS-2021-1689) rpm-devel-4.11.3-40.amzn2.0.6.x86_64.rpm | Linux |
| rpm Security Update (ALAS-2021-1689) python2-rpm-4.11.3-40.amzn2.0.6.x86_64.rpm | Linux |
| rpm Security Update (ALAS-2021-1689) python3-rpm-4.11.3-40.amzn2.0.6.x86_64.rpm | Linux |
| rpm Security Update (ALAS-2021-1689) rpm-apidocs-4.11.3-40.amzn2.0.6.noarch.rpm | Linux |
| rpm Security Update (ALAS-2021-1689) rpm-build-libs-4.11.3-40.amzn2.0.6.i686.rpm | Linux |
| rpm Security Update (ALAS-2021-1689) rpm-build-libs-4.11.3-40.amzn2.0.6.x86_64.rpm | Linux |
| rpm Security Update (ALAS-2021-1689) rpm-plugin-systemd-inhibit-4.11.3-40.amzn2.0.6.x86_64.rpm | Linux |
| CVE-2021-20271 | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234