CVE-2021-3421

Public on 2021-05-19
Modified on 2021-07-15
Description

A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity.

Severity
Medium
See what this means
CVSS v3 Base Score
4.7
See breakdown

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 1 rpm 2021-07-08 18:38 ALAS-2021-1521
Amazon Linux 2 - Core rpm 2021-07-14 20:43 ALAS2-2021-1689

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
NVD CVSSv3 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
NVD CVSSv2 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N