CVE-2021-3445

Description

A flaw was found in libdnf's signature verification functionality in versions before 0.60.1. This flaw allows an attacker to achieve code execution if they can alter the header information of an RPM package and then trick a user or system into installing it. The highest risk of this vulnerability is to confidentiality, integrity, as well as system availability.

Risk Information

Base Score: 7.5 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 0.038

Associated Vulnerability

Vulnerability | OS Platform
(RHSA-2021:4464) Moderate: security and bug fix update dnf-4.7.0-4.el8.noarch.rpm | Linux
(RHSA-2021:4464) Moderate: security and bug fix update dnf-automatic-4.7.0-4.el8.noarch.rpm | Linux
(RHSA-2021:4464) Moderate: security and bug fix update dnf-data-4.7.0-4.el8.noarch.rpm | Linux
(RHSA-2021:4464) Moderate: security and bug fix update dnf-plugins-core-4.0.21-3.el8.noarch.rpm | Linux
(RHSA-2021:4464) Moderate: security and bug fix update libdnf-0.63.0-3.el8.i686.rpm | Linux
(RHSA-2021:4464) Moderate: security and bug fix update libdnf-0.63.0-3.el8.x86_64.rpm | Linux
(RHSA-2021:4464) Moderate: security and bug fix update libdnf-debuginfo-0.63.0-3.el8.i686.rpm | Linux
(RHSA-2021:4464) Moderate: security and bug fix update libdnf-debuginfo-0.63.0-3.el8.x86_64.rpm | Linux
(RHSA-2021:4464) Moderate: security and bug fix update libdnf-debugsource-0.63.0-3.el8.i686.rpm | Linux
(RHSA-2021:4464) Moderate: security and bug fix update libdnf-debugsource-0.63.0-3.el8.x86_64.rpm | Linux
(RHSA-2021:4464) Moderate: security and bug fix update python3-dnf-4.7.0-4.el8.noarch.rpm | Linux
(RHSA-2021:4464) Moderate: security and bug fix update python3-dnf-plugin-post-transaction-actions-4.0.21-3.el8.noarch.rpm | Linux
(RHSA-2021:4464) Moderate: security and bug fix update python3-dnf-plugin-versionlock-4.0.21-3.el8.noarch.rpm | Linux
(RHSA-2021:4464) Moderate: security and bug fix update python3-dnf-plugins-core-4.0.21-3.el8.noarch.rpm | Linux
(RHSA-2021:4464) Moderate: security and bug fix update python3-hawkey-0.63.0-3.el8.x86_64.rpm | Linux
(RHSA-2021:4464) Moderate: security and bug fix update python3-hawkey-debuginfo-0.63.0-3.el8.i686.rpm | Linux
(RHSA-2021:4464) Moderate: security and bug fix update python3-hawkey-debuginfo-0.63.0-3.el8.x86_64.rpm | Linux
(RHSA-2021:4464) Moderate: security and bug fix update python3-libdnf-0.63.0-3.el8.x86_64.rpm | Linux
(RHSA-2021:4464) Moderate: security and bug fix update python3-libdnf-debuginfo-0.63.0-3.el8.i686.rpm | Linux
(RHSA-2021:4464) Moderate: security and bug fix update python3-libdnf-debuginfo-0.63.0-3.el8.x86_64.rpm | Linux
(RHSA-2021:4464) Moderate: security and bug fix update yum-4.7.0-4.el8.noarch.rpm | Linux
(RHSA-2021:4464) Moderate: security and bug fix update yum-utils-4.0.21-3.el8.noarch.rpm | Linux
Dnf update (ELSA-2021-4464) dnf-4.7.0-4.0.1.el8.noarch.rpm | Linux
Dnf-automatic update (ELSA-2021-4464) dnf-automatic-4.7.0-4.0.1.el8.noarch.rpm | Linux
Dnf-data update (ELSA-2021-4464) dnf-data-4.7.0-4.0.1.el8.noarch.rpm | Linux
Dnf-plugins-core update (ELSA-2021-4464) dnf-plugins-core-4.0.21-3.0.1.el8.noarch.rpm | Linux
Libdnf update (ELSA-2021-4464) libdnf-0.63.0-3.0.1.el8.i686.rpm | Linux
Libdnf update (ELSA-2021-4464) libdnf-0.63.0-3.0.1.el8.x86_64.rpm | Linux
Python3-dnf update (ELSA-2021-4464) python3-dnf-4.7.0-4.0.1.el8.noarch.rpm | Linux
Python3-dnf-plugin-post-transaction-actions update (ELSA-2021-4464) python3-dnf-plugin-post-transaction-actions-4.0.21-3.0.1.el8.noarch.rpm | Linux
Python3-dnf-plugin-versionlock update (ELSA-2021-4464) python3-dnf-plugin-versionlock-4.0.21-3.0.1.el8.noarch.rpm | Linux
Python3-dnf-plugins-core update (ELSA-2021-4464) python3-dnf-plugins-core-4.0.21-3.0.1.el8.noarch.rpm | Linux
Python3-hawkey update (ELSA-2021-4464) python3-hawkey-0.63.0-3.0.1.el8.x86_64.rpm | Linux
Python3-libdnf update (ELSA-2021-4464) python3-libdnf-0.63.0-3.0.1.el8.x86_64.rpm | Linux
Yum update (ELSA-2021-4464) yum-4.7.0-4.0.1.el8.noarch.rpm | Linux
Yum-utils update (ELSA-2021-4464) yum-utils-4.0.21-3.0.1.el8.noarch.rpm | Linux

Patch Details

No records found
