AZL-10769

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-10769.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-10769

Upstream

CVE-2021-35939

Published

2022-08-26T16:15:08Z

Modified

2026-04-01T05:06:24.659964Z

Severity

6.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

CVE-2021-35939 affecting package rpm for versions less than 4.18.0-1

Details

It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

References

https://nvd.nist.gov/vuln/detail/CVE-2021-35939

Affected packages

Azure Linux:2 / rpm

Package

Name: rpm
Purl: pkg:rpm/azure-linux/rpm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.18.0-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-10769.json"