CVE-2021-20266

Updated: 2024-11-23 05:30:30.298289

Description:

A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| Version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | MEDIUM | 4 |
| CVSS Version 3.x | MEDIUM | 4.9 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | rpm | 4.16.1.3 | 4.9 | MEDIUM | Ignored | | 2023-11-08 04:07:50 | |
| CentOS 6 ELS | rpm | 4.8.0 | 4.9 | MEDIUM | Ignored | | 2022-04-26 15:46:51 | |
| CentOS 7 ELS | rpm | 4.11.3 | 4.9 | MEDIUM | Ignored | | 2023-09-19 09:30:12 | |
| CentOS 8.4 ELS | rpm | 4.14.3-14 | 4.9 | MEDIUM | Released | CLSA-2022:1644869807 | 2022-04-26 15:46:51 | |
| CentOS 8.5 ELS | rpm | 4.14.3-19 | 4.9 | MEDIUM | Not Vulnerable | | 2022-04-26 15:46:51 | |
| CloudLinux 6 ELS | rpm | 4.8.0 | 4.9 | MEDIUM | Ignored | | 2022-04-26 15:46:51 | |
| Oracle Linux 6 ELS | rpm | 4.8.0 | 4.9 | MEDIUM | Ignored | | 2022-04-26 15:46:51 | |