A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1927741 | Issue Tracking Patch Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/ | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/ | Mailing List Third Party Advisory |
https://security.gentoo.org/glsa/202107-43 | Third Party Advisory |
Information
Published : 2021-04-30 05:15
Updated : 2022-04-26 10:11
NVD link : CVE-2021-20266
Mitre link : CVE-2021-20266
JSON object : View
CWE
CWE-125
Out-of-bounds Read
Products Affected
fedoraproject
- fedora
rpm
- rpm