CVE-2021-3445
PUBLISHED
A flaw was found in libdnf's signature verification functionality in versions before 0.60.1. This flaw allows an attacker to achieve code execution if they can alter the header information of an RPM package and then trick a user or system into installing it. The highest risk of this vulnerability is to confidentiality, integrity, as well as system availability.
Risk Scores
EPSS Score: 0.04% (11.8th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:22.04:LTS | libdnf | 0 |
Timeline
- CVE Published
- May 20, 2021 EPSS Score
- Jul 22, 2021 EPSS Score
- Sep 22, 2021 EPSS Score
- Nov 22, 2021 EPSS Score
- Jan 23, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Mar 25, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 26, 2022 EPSS Score
- Jul 27, 2022 EPSS Score
- Sep 27, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-3445 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-3445 third-party-advisory
- https://github.com/rpm-software-management/libdnf/commit/930f2582f91077b3f338b84cf9567559d52713de third-party-advisory