CVE-2021-20266Out-of-bounds Read in RPM

CWE-125Out-of-bounds Read8 documents7 sources
Severity
4.9MEDIUMNVD
EPSS
0.1%
top 80.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
RPMDebian RPMFedoraproject Fedora+3 more
Timeline
PublishedApr 30
Latest updateJul 21

Description

A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 1.2 | Impact: 3.6

Affected Packages8 packages

NVDrpm/rpm< 4.16.1.3
debiandebian/rpm< rpm 4.16.1.2+dfsg1-1 (bookworm)
Debianrpm/rpm< 4.16.1.2+dfsg1-1+3
Ubunturpm/rpm< 4.12.0.1+dfsg1-3ubuntu0.1~esm1+2
CVEListV5rpm/rpmrpm 4.17.0

Also affects: Fedora 33, 34

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

3
OSV
rpm vulnerabilities2022-07-21
GHSA
GHSA-8vf3-43pf-v3cq: A flaw was found in RPM's hdrblobInit() in lib/header2022-05-24
OSV
CVE-2021-20266: A flaw was found in RPM's hdrblobInit() in lib/header2021-04-30

📋Vendor Advisories

4
Ubuntu
RPM Package Manager vulnerabilities2022-07-21
Microsoft
A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system a2021-04-13
Red Hat
rpm: missing length checks in hdrblobInit()2021-03-11
Debian
CVE-2021-20266: rpm - A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an att...2021