CVE-2016-20021

Source
https://nvd.nist.gov/vuln/detail/CVE-2016-20021
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-20021.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-20021
Aliases
Published
2024-01-12T03:15:08Z
Modified
2024-10-21T06:45:38.377056Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. Unless emerge-webrsync is used, Portage is not vulnerable.

References

Affected packages

Git / github.com/gentoo/portage

Affected ranges

Type
GIT
Repo
https://github.com/gentoo/portage
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

3.*

3.0.39

Other

master1

portage-2.*

portage-2.3.0
portage-2.3.1
portage-2.3.10
portage-2.3.100
portage-2.3.101
portage-2.3.102
portage-2.3.103
portage-2.3.11
portage-2.3.12
portage-2.3.13
portage-2.3.14
portage-2.3.15
portage-2.3.16
portage-2.3.17
portage-2.3.18
portage-2.3.19
portage-2.3.2
portage-2.3.20
portage-2.3.21
portage-2.3.22
portage-2.3.23
portage-2.3.24
portage-2.3.25
portage-2.3.26
portage-2.3.27
portage-2.3.28
portage-2.3.29
portage-2.3.3
portage-2.3.30
portage-2.3.31
portage-2.3.32
portage-2.3.33
portage-2.3.34
portage-2.3.35
portage-2.3.36
portage-2.3.37
portage-2.3.38
portage-2.3.39
portage-2.3.4
portage-2.3.40
portage-2.3.41
portage-2.3.42
portage-2.3.43
portage-2.3.44
portage-2.3.45
portage-2.3.46
portage-2.3.47
portage-2.3.48
portage-2.3.49
portage-2.3.5
portage-2.3.50
portage-2.3.51
portage-2.3.52
portage-2.3.53
portage-2.3.54
portage-2.3.55
portage-2.3.56
portage-2.3.57
portage-2.3.58
portage-2.3.59
portage-2.3.6
portage-2.3.60
portage-2.3.61
portage-2.3.62
portage-2.3.63
portage-2.3.64
portage-2.3.65
portage-2.3.66
portage-2.3.67
portage-2.3.68
portage-2.3.69
portage-2.3.7
portage-2.3.70
portage-2.3.71
portage-2.3.72
portage-2.3.73
portage-2.3.74
portage-2.3.75
portage-2.3.76
portage-2.3.77
portage-2.3.78
portage-2.3.79
portage-2.3.80
portage-2.3.81
portage-2.3.82
portage-2.3.83
portage-2.3.84
portage-2.3.85
portage-2.3.86
portage-2.3.87
portage-2.3.88
portage-2.3.89
portage-2.3.9
portage-2.3.90
portage-2.3.91
portage-2.3.92
portage-2.3.93
portage-2.3.94
portage-2.3.95
portage-2.3.96
portage-2.3.97
portage-2.3.98
portage-2.3.99

portage-3.*

portage-3.0.0
portage-3.0.1
portage-3.0.10
portage-3.0.11
portage-3.0.12
portage-3.0.13
portage-3.0.14
portage-3.0.15
portage-3.0.16
portage-3.0.17
portage-3.0.18
portage-3.0.19
portage-3.0.2
portage-3.0.20
portage-3.0.21
portage-3.0.22
portage-3.0.23
portage-3.0.24
portage-3.0.25
portage-3.0.26
portage-3.0.27
portage-3.0.28
portage-3.0.29
portage-3.0.3
portage-3.0.30
portage-3.0.31
portage-3.0.33
portage-3.0.34
portage-3.0.36
portage-3.0.37
portage-3.0.38.1
portage-3.0.39
portage-3.0.4
portage-3.0.40
portage-3.0.41
portage-3.0.42
portage-3.0.43
portage-3.0.44
portage-3.0.45
portage-3.0.45.1
portage-3.0.45.2
portage-3.0.45.3
portage-3.0.46
portage-3.0.5
portage-3.0.6
portage-3.0.7
portage-3.0.8
portage-3.0.9

repoman-2.*

repoman-2.3.0
repoman-2.3.1
repoman-2.3.10
repoman-2.3.11
repoman-2.3.12
repoman-2.3.13
repoman-2.3.14
repoman-2.3.15
repoman-2.3.16
repoman-2.3.17
repoman-2.3.18
repoman-2.3.19
repoman-2.3.2
repoman-2.3.20
repoman-2.3.21
repoman-2.3.22
repoman-2.3.23
repoman-2.3.3
repoman-2.3.5
repoman-2.3.6
repoman-2.3.7
repoman-2.3.8
repoman-2.3.9

repoman-3.*

repoman-3.0.0
repoman-3.0.1
repoman-3.0.2
repoman-3.0.3

v2.*

v2.0.53_rc4_2111
v2.0.53_rc5
v2.0.53_rc6
v2.0.53_rc7
v2.1
v2.1.1
v2.1.2
v2.1.2-r3
v2.1_pre1
v2.1_pre10
v2.1_pre2
v2.1_pre3
v2.1_pre5_2760
v2.1_pre5_2761
v2.1_pre6
v2.1_pre7
v2.1_pre8
v2.1_pre9
v2.1_rc1
v2.1_rc2
v2.1_rc3
v2.1_rc4
v2.2.0
v2.2.0_alpha1
v2.2.0_alpha10
v2.2.0_alpha100
v2.2.0_alpha101
v2.2.0_alpha102
v2.2.0_alpha103
v2.2.0_alpha104
v2.2.0_alpha105
v2.2.0_alpha106
v2.2.0_alpha107
v2.2.0_alpha108
v2.2.0_alpha109
v2.2.0_alpha11
v2.2.0_alpha110
v2.2.0_alpha111
v2.2.0_alpha112
v2.2.0_alpha113
v2.2.0_alpha114
v2.2.0_alpha115
v2.2.0_alpha116
v2.2.0_alpha117
v2.2.0_alpha118
v2.2.0_alpha119
v2.2.0_alpha12
v2.2.0_alpha120
v2.2.0_alpha121
v2.2.0_alpha122
v2.2.0_alpha123
v2.2.0_alpha124
v2.2.0_alpha125
v2.2.0_alpha126
v2.2.0_alpha127
v2.2.0_alpha128
v2.2.0_alpha129
v2.2.0_alpha13
v2.2.0_alpha130
v2.2.0_alpha131
v2.2.0_alpha132
v2.2.0_alpha133
v2.2.0_alpha134
v2.2.0_alpha135
v2.2.0_alpha136
v2.2.0_alpha137
v2.2.0_alpha138
v2.2.0_alpha139
v2.2.0_alpha14
v2.2.0_alpha140
v2.2.0_alpha141
v2.2.0_alpha142
v2.2.0_alpha143
v2.2.0_alpha144
v2.2.0_alpha145
v2.2.0_alpha146
v2.2.0_alpha147
v2.2.0_alpha148
v2.2.0_alpha149
v2.2.0_alpha15
v2.2.0_alpha150
v2.2.0_alpha151
v2.2.0_alpha152
v2.2.0_alpha153
v2.2.0_alpha154
v2.2.0_alpha155
v2.2.0_alpha156
v2.2.0_alpha157
v2.2.0_alpha158
v2.2.0_alpha159
v2.2.0_alpha16
v2.2.0_alpha160
v2.2.0_alpha161
v2.2.0_alpha162
v2.2.0_alpha163
v2.2.0_alpha164
v2.2.0_alpha165
v2.2.0_alpha166
v2.2.0_alpha167
v2.2.0_alpha168
v2.2.0_alpha169
v2.2.0_alpha17
v2.2.0_alpha170
v2.2.0_alpha171
v2.2.0_alpha172
v2.2.0_alpha173
v2.2.0_alpha174
v2.2.0_alpha175
v2.2.0_alpha176
v2.2.0_alpha177
v2.2.0_alpha178
v2.2.0_alpha179
v2.2.0_alpha18
v2.2.0_alpha180
v2.2.0_alpha181
v2.2.0_alpha182
v2.2.0_alpha183
v2.2.0_alpha184
v2.2.0_alpha185
v2.2.0_alpha186
v2.2.0_alpha187
v2.2.0_alpha188
v2.2.0_alpha189
v2.2.0_alpha19
v2.2.0_alpha190
v2.2.0_alpha191
v2.2.0_alpha192
v2.2.0_alpha193
v2.2.0_alpha194
v2.2.0_alpha195
v2.2.0_alpha196
v2.2.0_alpha2
v2.2.0_alpha20
v2.2.0_alpha21
v2.2.0_alpha22
v2.2.0_alpha23
v2.2.0_alpha24
v2.2.0_alpha25
v2.2.0_alpha26
v2.2.0_alpha27
v2.2.0_alpha28
v2.2.0_alpha29
v2.2.0_alpha3
v2.2.0_alpha30
v2.2.0_alpha31
v2.2.0_alpha32
v2.2.0_alpha33
v2.2.0_alpha34
v2.2.0_alpha35
v2.2.0_alpha36
v2.2.0_alpha37
v2.2.0_alpha38
v2.2.0_alpha39
v2.2.0_alpha4
v2.2.0_alpha40
v2.2.0_alpha41
v2.2.0_alpha42
v2.2.0_alpha43
v2.2.0_alpha44
v2.2.0_alpha45
v2.2.0_alpha46
v2.2.0_alpha47
v2.2.0_alpha48
v2.2.0_alpha49
v2.2.0_alpha5
v2.2.0_alpha50
v2.2.0_alpha51
v2.2.0_alpha52
v2.2.0_alpha53
v2.2.0_alpha54
v2.2.0_alpha55
v2.2.0_alpha56
v2.2.0_alpha57
v2.2.0_alpha58
v2.2.0_alpha59
v2.2.0_alpha6
v2.2.0_alpha60
v2.2.0_alpha61
v2.2.0_alpha62
v2.2.0_alpha63
v2.2.0_alpha64
v2.2.0_alpha65
v2.2.0_alpha66
v2.2.0_alpha67
v2.2.0_alpha68
v2.2.0_alpha69
v2.2.0_alpha7
v2.2.0_alpha70
v2.2.0_alpha71
v2.2.0_alpha72
v2.2.0_alpha73
v2.2.0_alpha74
v2.2.0_alpha75
v2.2.0_alpha76
v2.2.0_alpha77
v2.2.0_alpha78
v2.2.0_alpha79
v2.2.0_alpha8
v2.2.0_alpha80
v2.2.0_alpha81
v2.2.0_alpha82
v2.2.0_alpha83
v2.2.0_alpha84
v2.2.0_alpha85
v2.2.0_alpha86
v2.2.0_alpha87
v2.2.0_alpha88
v2.2.0_alpha89
v2.2.0_alpha9
v2.2.0_alpha90
v2.2.0_alpha91
v2.2.0_alpha92
v2.2.0_alpha93
v2.2.0_alpha94
v2.2.0_alpha95
v2.2.0_alpha96
v2.2.0_alpha97
v2.2.0_alpha98
v2.2.0_alpha99
v2.2.1
v2.2.10
v2.2.11
v2.2.12
v2.2.13
v2.2.14
v2.2.14_rc1
v2.2.15
v2.2.16
v2.2.17
v2.2.18
v2.2.19
v2.2.2
v2.2.20
v2.2.21
v2.2.22
v2.2.23
v2.2.24
v2.2.25
v2.2.26
v2.2.27
v2.2.28
v2.2.3
v2.2.4
v2.2.5
v2.2.6
v2.2.7
v2.2.8
v2.2.9
v2.2_pre2
v2.2_pre3
v2.2_pre4
v2.2_pre6
v2.2_pre7
v2.2_pre8
v2.2_rc1
v2.2_rc10
v2.2_rc11
v2.2_rc12
v2.2_rc13
v2.2_rc14
v2.2_rc15
v2.2_rc16
v2.2_rc17
v2.2_rc18
v2.2_rc19
v2.2_rc2
v2.2_rc20
v2.2_rc21
v2.2_rc22
v2.2_rc23
v2.2_rc24
v2.2_rc25
v2.2_rc26
v2.2_rc27
v2.2_rc28
v2.2_rc29
v2.2_rc3
v2.2_rc30
v2.2_rc31
v2.2_rc32
v2.2_rc33
v2.2_rc34
v2.2_rc35
v2.2_rc36
v2.2_rc37
v2.2_rc38
v2.2_rc39
v2.2_rc4
v2.2_rc40
v2.2_rc41
v2.2_rc42
v2.2_rc43
v2.2_rc44
v2.2_rc45
v2.2_rc46
v2.2_rc47
v2.2_rc48
v2.2_rc48_14769
v2.2_rc49
v2.2_rc5
v2.2_rc50
v2.2_rc51
v2.2_rc52
v2.2_rc53
v2.2_rc54
v2.2_rc55
v2.2_rc56
v2.2_rc57
v2.2_rc58
v2.2_rc59
v2.2_rc6
v2.2_rc60
v2.2_rc61
v2.2_rc62
v2.2_rc63
v2.2_rc64
v2.2_rc65
v2.2_rc66
v2.2_rc67
v2.2_rc68
v2.2_rc69
v2.2_rc7
v2.2_rc70
v2.2_rc71
v2.2_rc72
v2.2_rc73
v2.2_rc74
v2.2_rc75
v2.2_rc76
v2.2_rc77
v2.2_rc78
v2.2_rc79
v2.2_rc8
v2.2_rc80
v2.2_rc81
v2.2_rc82
v2.2_rc83
v2.2_rc84
v2.2_rc85
v2.2_rc86
v2.2_rc87
v2.2_rc88
v2.2_rc9
v2.2_rc90
v2.2_rc91
v2.2_rc92
v2.2_rc93
v2.2_rc94
v2.2_rc95
v2.2_rc96
v2.2_rc97
v2.2_rc98
v2.2_rc99
v2.3.0_rc1