CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-20271

A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 42.3%

CVSS Severity

CVSS v3 Score 7.0

CVSS v2 Score 5.1

References

Products affected by CVE-2021-20271

Rpm » Rpm » Version: 4.15.0

cpe:2.3:a:rpm:rpm:4.15.0
Rpm » Rpm » Version: 4.15.1

cpe:2.3:a:rpm:rpm:4.15.1
Rpm » Rpm » Version: 4.16.0

cpe:2.3:a:rpm:rpm:4.16.0
Rpm » Rpm » Version: 4.16.1

cpe:2.3:a:rpm:rpm:4.16.1
Rpm » Rpm » Version: 4.16.1.1

cpe:2.3:a:rpm:rpm:4.16.1.1
Rpm » Rpm » Version: 4.16.1.2

cpe:2.3:a:rpm:rpm:4.16.1.2
Starwindsoftware » Starwind Virtual San » Version: v8

cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8
Fedoraproject » Fedora » Version: 32

cpe:2.3:o:fedoraproject:fedora:32
Fedoraproject » Fedora » Version: 33

cpe:2.3:o:fedoraproject:fedora:33
Fedoraproject » Fedora » Version: 34

cpe:2.3:o:fedoraproject:fedora:34
Redhat » Enterprise Linux » Version: 8.0

cpe:2.3:o:redhat:enterprise_linux:8.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-20271

Products

Pricing

Contact Us