Lucene search

K
ubuntuUbuntuUSN-5273-1
HistoryJul 21, 2022 - 12:00 a.m.

RPM Package Manager vulnerabilities

2022-07-2100:00:00
ubuntu.com
138
ubuntu 20.04 lts
ubuntu 18.04 esm
vulnerabilities
rpm package manager
denial of service
memory handling

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

CVSS3

7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

High

EPSS

0.002

Percentile

61.2%

Releases

  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 ESM
  • Ubuntu 16.04 ESM

Packages

  • rpm - package manager for RPM

Details

Demi M. Obenour discovered that RPM Package Manager incorrectly handled
certain files. An attacker could possibly use this issue to corrupt the
database and cause a denial of service. (CVE-2021-3421, CVE-2021-20271)

Demi M. Obenour discovered that RPM Package Manager incorrectly handled
memory when processing certain data from the database. An attacker could
possibly use this issue to cause a denial of service. This issue only
affects Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2021-20266)

OSVersionArchitecturePackageVersionFilename
Ubuntu20.04noarchrpm< 4.14.2.1+dfsg1-1ubuntu0.1~esm1UNKNOWN
Ubuntu20.04noarchdebugedit< 4.14.2.1+dfsg1-1build2UNKNOWN
Ubuntu20.04noarchdebugedit-dbgsym< 4.14.2.1+dfsg1-1build2UNKNOWN
Ubuntu20.04noarchlibrpm-dev< 4.14.2.1+dfsg1-1build2UNKNOWN
Ubuntu20.04noarchlibrpm8< 4.14.2.1+dfsg1-1build2UNKNOWN
Ubuntu20.04noarchlibrpm8-dbgsym< 4.14.2.1+dfsg1-1build2UNKNOWN
Ubuntu20.04noarchlibrpmbuild8< 4.14.2.1+dfsg1-1build2UNKNOWN
Ubuntu20.04noarchlibrpmbuild8-dbgsym< 4.14.2.1+dfsg1-1build2UNKNOWN
Ubuntu20.04noarchlibrpmio8< 4.14.2.1+dfsg1-1build2UNKNOWN
Ubuntu20.04noarchlibrpmio8-dbgsym< 4.14.2.1+dfsg1-1build2UNKNOWN
Rows per page:
1-10 of 841

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

CVSS3

7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

High

EPSS

0.002

Percentile

61.2%