Unrated severity · NVD Advisory · Published Apr 30, 2021 · Updated Aug 3, 2024
CVE-2021-20266
Description
A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability.
Affected products (32)
- RPM/RPM
- osv-coords (30 versions):
  - pkg:rpm/almalinux/rpm-build (no CPE), range: < 4.14.3-19.el8
  - pkg:rpm/almalinux/rpm-plugin-fapolicyd (no CPE), range: < 4.14.3-19.el8
  - pkg:rpm/opensuse/python-rpm&distro=openSUSE%20Leap%2015.2 (no CPE), range: < 4.14.1-lp152.18.3.1
  - pkg:rpm/opensuse/python-rpm&distro=openSUSE%20Leap%2015.3 (no CPE), range: < 4.14.3-37.2
  - pkg:rpm/opensuse/rpm&distro=openSUSE%20Leap%2015.2 (no CPE), range: < 4.14.1-lp152.18.3.1
  - pkg:rpm/opensuse/rpm&distro=openSUSE%20Leap%2015.3 (no CPE), range: < 4.14.3-37.2
  - pkg:rpm/opensuse/rpm-ndb&distro=openSUSE%20Leap%2015.3 (no CPE), range: < 4.14.3-37.2
  - pkg:rpm/suse/python3-rpm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 (no CPE), range: < 4.11.2-16.26.1
  - pkg:rpm/suse/python3-rpm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 (no CPE), range: < 4.11.2-16.26.1
  - pkg:rpm/suse/python-rpm&distro=SUSE%20Linux%20Enterprise%20Micro%205.0 (no CPE), range: < 4.14.1-22.4.1
  - pkg:rpm/suse/python-rpm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2 (no CPE), range: < 4.14.1-22.4.1
  - pkg:rpm/suse/python-rpm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3 (no CPE), range: < 4.14.3-37.2
  - pkg:rpm/suse/python-rpm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%202%2015%20SP2 (no CPE), range: < 4.14.1-22.4.1
  - pkg:rpm/suse/python-rpm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%202%2015%20SP3 (no CPE), range: < 4.14.3-37.2
  - pkg:rpm/suse/rpm&distro=SUSE%20Linux%20Enterprise%20Micro%205.0 (no CPE), range: < 4.14.1-22.4.2
  - pkg:rpm/suse/rpm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2 (no CPE), range: < 4.14.1-22.4.2
  - pkg:rpm/suse/rpm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3 (no CPE), range: < 4.14.3-37.2
  - pkg:rpm/suse/rpm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP2 (no CPE), range: < 4.14.1-22.4.2
  - pkg:rpm/suse/rpm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP3 (no CPE), range: < 4.14.3-37.2
  - pkg:rpm/suse/rpm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 (no CPE), range: < 4.11.2-16.26.1
  - pkg:rpm/suse/rpm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 (no CPE), range: < 4.11.2-16.26.1
  - pkg:rpm/suse/rpm&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 (no CPE), range: < 4.11.2-16.26.1
  - pkg:rpm/suse/rpm&distro=SUSE%20Manager%20Proxy%20Module%204.1 (no CPE), range: < 4.14.1-22.4.2
  - pkg:rpm/suse/rpm&distro=SUSE%20Manager%20Proxy%20Module%204.2 (no CPE), range: < 4.14.3-37.2
  - pkg:rpm/suse/rpm&distro=SUSE%20Manager%20Server%20Module%204.1 (no CPE), range: < 4.14.1-22.4.2
  - pkg:rpm/suse/rpm&distro=SUSE%20Manager%20Server%20Module%204.2 (no CPE), range: < 4.14.3-37.2
  - pkg:rpm/suse/rpm-ndb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP2 (no CPE), range: < 4.14.1-22.4.2
  - pkg:rpm/suse/rpm-ndb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP3 (no CPE), range: < 4.14.3-37.2
  - pkg:rpm/suse/rpm-python&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 (no CPE), range: < 4.11.2-16.26.1
  - pkg:rpm/suse/rpm-python&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 (no CPE), range: < 4.11.2-16.26.1
References (4)
- security.gentoo.org/glsa/202107-43 (mitre, vendor-advisory, x_refsource_GENTOO)
- bugzilla.redhat.com/show_bug.cgi (mitre, x_refsource_MISC)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/ (mitre, x_refsource_MISC)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/ (mitre, x_refsource_MISC)