CVE-2021-3445 Vulnerability Details

  /     /     /  

CVE-2021-3445 Metadata Quick Info

CVE Published: 19/05/2021 | CVE Updated: 03/08/2024 | CVE Year: 2021
Source: redhat | Vendor: n/a | Product: libdnf
Status : PUBLISHED

CVE-2021-3445 Description

A flaw was found in libdnf\'s signature verification functionality in versions before 0.60.1. This flaw allows an attacker to achieve code execution if they can alter the header information of an RPM package and then trick a user or system into installing it. The highest risk of this vulnerability is to confidentiality, integrity, as well as system availability.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-347
CWE Name: CWE-347
Source: n/a

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description: