Rpm

By the Year

In 2021 there have been 3 vulnerabilities in Rpm, with an average score of 5.8 out of ten. Rpm did not have any published security vulnerabilities last year, so 3 more vulnerabilities have already been reported in 2021 than in all of last year.

Year    Vulnerabilities    Average Score
2021    3                  5.80
2020    0                  0.00
2019    0                  0.00
2018    0                  0.00

It may take a day or so for new Rpm vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Rpm Security Vulnerabilities

A flaw was found in the RPM package in the read functionality

CVE-2021-3421 5.5 - Medium - May 19, 2021

A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. This flaw affects RPM versions before 4.17.0-alpha.

Improper Verification of Cryptographic Signature

A flaw was found in RPM's hdrblobInit() in lib/header.c

CVE-2021-20266 4.9 - Medium - April 30, 2021

A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability.

Out-of-bounds Read

A flaw was found in RPM's signature check functionality when reading a package file

CVE-2021-20271 7 - High - March 26, 2021

A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.

Insufficient Verification of Data Authenticity
