CVE-2021-3421

Name
CVE-2021-3421
Description
A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. This flaw affects RPM versions before 4.17.0-alpha.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://bugzilla.redhat.com/show_bug.cgi?id=1927747
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/
GENTOO https://security.gentoo.org/glsa/202107-43

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:rpm:rpm:*:*:*:*:*:*:*:* rpm >= None <= 4.16.1.3

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
rpm 3.13-community 4.16.1.3-r0 None fixed
rpm 3.14-community 4.16.1.3-r1 None fixed
rpm 3.15-community 4.16.1.3-r1 None fixed
rpm 3.16-community 4.16.1.3-r3 None fixed