CVE-2021-3445

🗓️ 19 May 2021 13:44:23Reported by redhatType

cve🔗 web.nvd.nist.gov📰️ 4 Media mentions👁 265 Views

A flaw in libdnf's signature verification allows code execution pre-0.60.1. High risk to confidentiality, integrity, and system availability

Reporter	Title	Published	Views	Family All 68
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities fixed in Cloud Pak for Automation components	19 Jan 202216:26	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Sterling Connect:Direct for UNIX Certified Container is affected by multiple vulnerabilities in Red Hat Universal Base Image version 8.4-206.1626828523 and Binutils version 2.30-93	14 Mar 202220:12	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities	19 Jan 202313:54	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM is vulnerable to using components with Known Vulnerabilities	25 Apr 202214:44	–	ibm
Tenable Nessus	AlmaLinux 8 : dnf (ALSA-2021:4464)	9 Feb 202200:00	–	nessus
Tenable Nessus	CentOS 8 : dnf (CESA-2021:4464)	11 Nov 202100:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP8 : libdnf (EulerOS-SA-2021-2468)	24 Sep 202100:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP9 : libdnf (EulerOS-SA-2021-2531)	27 Sep 202100:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP9 : libdnf (EulerOS-SA-2021-2555)	27 Sep 202100:00	–	nessus
Tenable Nessus	EulerOS Virtualization 2.9.1 : libdnf (EulerOS-SA-2021-2735)	17 Nov 202100:00	–	nessus

NVD

Vulners

Node

rpm libdnfRange<0.60.1

Node

fedoraproject fedoraMatch33

fedoraproject fedoraMatch34

Node

redhat enterprise_linuxMatch8.0

[
  {
    "product": "libdnf",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "libdnf 0.60.1"
      }
    ]
  }
]

Source	Link
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4NL7TNWAHJ6JVRABQUPWHKKCTHUZMNF/
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DPMFGGQ5T6WVFTFX3OKMVTTM5O4EXWZR/

21 Nov 2024 06:21Current

7.4High risk

Vulners AI Score7.4

CVSS 25.1

CVSS 3.17.5

EPSS0.00038

CWE-347