7.5

CVE-2021-3445

EPSS 0.05%
Veröffentlicht 19.05.2021 14:15:07
Zuletzt bearbeitet 21.11.2024 06:21:32
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

A flaw was found in libdnf's signature verification functionality in versions before 0.60.1. This flaw allows an attacker to achieve code execution if they can alter the header information of an RPM package and then trick a user or system into installing it. The highest risk of this vulnerability is to confidentiality, integrity, as well as system availability.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Rpm ≫ Libdnf Version < 0.60.1

Fedoraproject ≫ Fedora Version33

Fedoraproject ≫ Fedora Version34

Redhat ≫ Enterprise Linux Version8.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.121

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	1.6	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	5.1	4.9	6.4	AV:N/AC:H/Au:N/C:P/I:P/A:P

CWE-347 Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

https://bugzilla.redhat.com/show_bug.cgi?id=1932079

Third Party Advisory

Issue Tracking

Mitigation

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DPMFGGQ5T6WVFTFX3OKMVTTM5O4EXWZR/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4NL7TNWAHJ6JVRABQUPWHKKCTHUZMNF/

https://nvd.nist.gov/vuln/detail/CVE-2021-3445

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-3445

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-3445

EUVD