Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveDocument Fdn.CVE-2021-25636
HistoryFeb 24, 2022 - 3:15 p.m.

CVE-2021-25636

2022-02-2415:15:21
CWE-295
CWE-347
Document Fdn.
web.nvd.nist.gov
1824
2
cve-2021-25636
libreoffice
digital signatures
certificate validation
vulnerability
nvd
security issue

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

7.3

Confidence

High

EPSS

0.001

Percentile

43.8%

JSON

LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally signed ODF document, by manipulating the documentsignatures.xml or macrosignatures.xml stream within the document to contain both “X509Data” and “KeyValue” children of the “KeyInfo” tag, which when opened caused LibreOffice to verify using the “KeyValue” but to report verification with the unrelated “X509Data” value. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.5.

Affected configurations

Nvd
Node
libreofficelibreofficeRange7.2.07.2.5
Node
fedoraprojectfedoraMatch34
VendorProductVersionCPE
libreofficelibreoffice*cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*
fedoraprojectfedora34cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "The Document Foundation",
    "product": "LibreOffice",
    "versions": [
      {
        "version": "7.2",
        "status": "affected",
        "lessThan": "7.2.5",
        "versionType": "custom"
      }
    ]
  }
]

Social References

More

Related

osv 4
openvas 5
nessus 13
redhat 1
oraclelinux 1
veracode 1
ubuntucve 1
kaspersky 1
fedora 1
redhatcve 1
rocky 1
nvd 1
prion 1
alpinelinux 1
cvelist 1
cnvd 1
suse 1
almalinux 1
debiancve 1
ubuntu 1
thn 1
debian 1
osv
osv
Moderate: libreoffice security update
2022-11-08 00:00:00
Moderate: libreoffice security update
2022-11-08 06:20:10
libreoffice vulnerability
2022-03-15 18:03:29
openvas
openvas
Ubuntu: Security Advisory (USN-5330-1)
2022-03-16 00:00:00
openSUSE: Security Advisory for libreoffice (openSUSE-SU-2022:0886-1)
2022-03-23 00:00:00
Fedora: Security Advisory for libreoffice (FEDORA-2022-3bbe89c20f)
2022-03-04 00:00:00
nessus
nessus
Ubuntu 18.04 LTS / 20.04 LTS : LibreOffice vulnerability (USN-5330-1)
2022-03-15 00:00:00
SUSE SLED15 / SLES15 Security Update : libreoffice (SUSE-SU-2022:0886-1)
2022-03-23 00:00:00
Oracle Linux 8 : libreoffice (ELSA-2022-7461)
2022-11-15 00:00:00
redhat
redhat
(RHSA-2022:7461) Moderate: libreoffice security update
2022-11-08 06:20:10
oraclelinux
oraclelinux
libreoffice security update
2022-11-15 00:00:00
veracode
veracode
Improper Verification Of Signature
2022-02-25 00:44:55
ubuntucve
ubuntucve
CVE-2021-25636
2022-02-24 00:00:00
kaspersky
kaspersky
KLA12465 Security vulnerability in LibreOffice
2022-02-22 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: libreoffice-7.1.8.1-4.fc34
2022-03-03 15:51:28
redhatcve
redhatcve
CVE-2021-25636
2022-02-22 12:49:07
rocky
rocky
libreoffice security update
2022-11-08 06:20:10
nvd
nvd
CVE-2021-25636
2022-02-24 15:15:21
prion
prion
Input validation
2022-02-24 15:15:00
alpinelinux
alpinelinux
CVE-2021-25636
2022-02-24 15:15:21
cvelist
cvelist
CVE-2021-25636 Incorrect trust validation of signature with ambiguous KeyInfo children
2022-02-22 00:00:00
cnvd
cnvd
libreoffice trust management issue vulnerability (CNVD-2022-55626)
2022-02-24 00:00:00
suse
suse
Security update for libreoffice (moderate)
2022-03-17 00:00:00
almalinux
almalinux
Moderate: libreoffice security update
2022-11-08 00:00:00
debiancve
debiancve
CVE-2021-25636
2022-02-24 15:15:21
ubuntu
ubuntu
LibreOffice vulnerability
2022-03-15 00:00:00
thn
thn
LibreOffice Releases Software Update to Patch 3 New Vulnerabilities
2022-07-28 06:41:00
debian
debian
[SECURITY] [DLA 3368-1] libreoffice security update
2023-03-26 21:05:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

7.3

Confidence

High

EPSS

0.001

Percentile

43.8%

JSON
Related for CVE-2021-25636
osv4openvas5nessus13redhat1oraclelinux1veracode1ubuntucve1kaspersky1fedora1redhatcve1rocky1nvd1prion1alpinelinux1cvelist1cnvd1suse1almalinux1debiancve1ubuntu1thn1debian1