Lucene search

K

[email protected]NVD:CVE-2021-35937

HistoryAug 25, 2022 - 8:15 p.m.

CVE-2021-35937

2022-08-2520:15:09

CWE-367

CWE-59

[email protected]

web.nvd.nist.gov

4

6.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

36.8%

A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Affected configurations

NVD

Node

rpmrpmRange<4.18.0

Node

redhatenterprise_linuxMatch6.0

OR

redhatenterprise_linuxMatch7.0

OR

redhatenterprise_linuxMatch8.0

OR

redhatenterprise_linuxMatch9.0

Node

fedoraprojectfedoraMatch34

References

access.redhat.com/security/cve/CVE-2021-35937

bugzilla.redhat.com/show_bug.cgi?id=1964125

rpm.org/wiki/Releases/4.18.0

security.gentoo.org/glsa/202210-22

www.usenix.org/legacy/event/sec05/tech/full_papers/borisov/borisov.pdf

6.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

36.8%

Related for NVD:CVE-2021-35937

debiancve4 alpinelinux2 nessus53 osv7 veracode2 cvelist4 prion4 ubuntucve4 cve4 redhatcve4 fedora2 mageia1 openvas24 suse2 nvd3 f51 cbl_mariner2 rosalinux1 gentoo2 rocky1 redhat36 almalinux2 oraclelinux2 photon6 redos1 ibm5