CVE-2021-20266 - OpenCVE

A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:S/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Fedoraproject	Fedora
Redhat	Enterprise Linux
Rpm	Rpm

Configuration 1 [-]

cpe:2.3:a:rpm:rpm:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:fedoraproject:fedora:33:::::::*
	cpe:2.3:o:fedoraproject:fedora:34:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
rpm-0:4.14.3-19.el8	cpe:/a:redhat:enterprise_linux:8	RHSA-2021:4489	2021-11-09T00:00:00Z
rpm-0:4.14.3-19.el8	cpe:/o:redhat:enterprise_linux:8	RHSA-2021:4489	2021-11-09T00:00:00Z

References

Link	Providers
https://bugzilla.redhat.com/show_bug.cgi?id=1927741
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/
https://nvd.nist.gov/vuln/detail/CVE-2021-20266
https://security.gentoo.org/glsa/202107-43
https://www.cve.org/CVERecord?id=CVE-2021-20266

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2021-04-30T11:22:49

Updated: 2024-08-03T17:37:23.124Z

Reserved: 2020-12-17T00:00:00

Link: CVE-2021-20266

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-04-30T12:15:07.500

Modified: 2023-11-07T03:29:03.497

Link: CVE-2021-20266

Redhat

Severity : Low

Publid Date: 2021-03-11T22:49:00Z

Links: CVE-2021-20266 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "rpm", "vendor": "n/a", "versions": [{"status": "affected", "version": "rpm 4.17.0"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "description": "CWE-125", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-07-20T10:07:18", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927741"}, {"tags": ["x_refsource_MISC"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/"}, {"tags": ["x_refsource_MISC"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/"}, {"name": "GLSA-202107-43", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202107-43"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2021-20266", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "rpm", "version": {"version_data": [{"version_value": "rpm 4.17.0"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-125"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1927741", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927741"}, {"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/", "refsource": "MISC", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/"}, {"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/", "refsource": "MISC", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/"}, {"name": "GLSA-202107-43", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202107-43"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:37:23.124Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927741"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/"}, {"name": "GLSA-202107-43", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202107-43"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2021-20266", "datePublished": "2021-04-30T11:22:49", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-08-03T17:37:23.124Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rpm:rpm:*:*:*:*:*:*:*:*", "matchCriteriaId": "E210A7F5-C9AD-41DB-8E5A-2D48615DF02B", "versionEndExcluding": "4.16.1.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability."}, {"lang": "es", "value": "Se detect\u00f3 un fallo en RPM en la funci\u00f3n hdrblobInit() en el archivo lib/header.c. Este fallo permite a un atacante que puede modificar el rpmdb causar una lectura fuera de l\u00edmites. La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema."}], "id": "CVE-2021-20266", "lastModified": "2023-11-07T03:29:03.497", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-04-30T12:15:07.500", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927741"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202107-43"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "secalert@redhat.com", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Demi M. Obenour for reporting this issue.", "affected_release": [{"advisory": "RHSA-2021:4489", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "rpm-0:4.14.3-19.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-11-09T00:00:00Z"}, {"advisory": "RHSA-2021:4489", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "rpm-0:4.14.3-19.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-11-09T00:00:00Z"}], "bugzilla": {"description": "rpm: missing length checks in hdrblobInit()", "id": "1927741", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927741"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "status": "verified"}, "cwe": "CWE-125", "details": ["A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability.", "A flaw was found in RPM\u2019s hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability."], "mitigation": {"lang": "en:us", "value": "If using the headerCheck() and headerImport() APIs in your software, do not run them on headers from untrusted sources."}, "name": "CVE-2021-20266", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "rpm", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "rpm", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "rpm", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2021-03-11T22:49:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-20266\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-20266"], "statement": "In order to exploit this flaw with rpm tooling as shipped in Red Hat Enterprise Linux, an attacker would need to already have root access to modify the rpm database.", "threat_severity": "Low", "upstream_fix": "rpm 4.17.0"}