7.5

CVE-2021-3445

EPSS 0.05%
Published 19.05.2021 14:15:07
Last modified 21.11.2024 06:21:32
Source secalert@redhat.com
Teams watchlist Login
Open Login

A flaw was found in libdnf's signature verification functionality in versions before 0.60.1. This flaw allows an attacker to achieve code execution if they can alter the header information of an RPM package and then trick a user or system into installing it. The highest risk of this vulnerability is to confidentiality, integrity, as well as system availability.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Rpm ≫ Libdnf Version < 0.60.1

Fedoraproject ≫ Fedora Version33

Fedoraproject ≫ Fedora Version34

Redhat ≫ Enterprise Linux Version8.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.05%	0.121

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	1.6	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	5.1	4.9	6.4	AV:N/AC:H/Au:N/C:P/I:P/A:P

CWE-347 Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

https://bugzilla.redhat.com/show_bug.cgi?id=1932079

Third Party Advisory

Issue Tracking

Mitigation

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DPMFGGQ5T6WVFTFX3OKMVTTM5O4EXWZR/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4NL7TNWAHJ6JVRABQUPWHKKCTHUZMNF/

https://nvd.nist.gov/vuln/detail/CVE-2021-3445

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-3445

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-3445

EUVD