A flaw was found in RPM's signature check functionality when reading a package file. An attacker who can convince a victim to install a package that appears to verify, but whose signature header was modified, can cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability. The signatures that follow cover the functions `rpmReadPackageFile` and `headerMergeLegacySigs` in `lib/package.c` and cite the upstream RPM commit as their source.
{ "vanir_signatures": [ { "id": "CVE-2021-20271-a263355a", "signature_type": "Function", "digest": { "function_hash": "20048171095207656906286157320215457454", "length": 1162.0 }, "target": { "file": "lib/package.c", "function": "rpmReadPackageFile" }, "deprecated": false, "signature_version": "v1", "source": "https://github.com/rpm-software-management/rpm/commit/d6a86b5e69e46cc283b1e06c92343319beb42e21" }, { "id": "CVE-2021-20271-bb178e26", "signature_type": "Function", "digest": { "function_hash": "42007002990315704298120220962834331013", "length": 1479.0 }, "target": { "file": "lib/package.c", "function": "headerMergeLegacySigs" }, "deprecated": false, "signature_version": "v1", "source": "https://github.com/rpm-software-management/rpm/commit/d6a86b5e69e46cc283b1e06c92343319beb42e21" }, { "id": "CVE-2021-20271-c02cf37b", "signature_type": "Line", "digest": { "line_hashes": [ "24275801739176814445790225036514810367", "146449676550170976494015790418581282484", "59692120730519522461031139487139021994", "237438668882707351528086875273107835415", "188253714955682294875770722574693963655", "95712636666319716016571947362863082458", "92311055355198149853447891803132470773", "42131774137503273138337216115590656444", "153884652419611992565169832839796207502", "74644144116301880418020155257845471982", "2104988193872832483380127340680905878", "234443884060578478950190847478188321346", "167475506737928333071182665248974898425", "157394582667230566873922788279107459757", "82059186512116620320158458564266100352", "233485225200727645330135368487841999587", "85657501174146104478799331414154896576", "174870900622258089107480236762771057153", "34907199479596137037591206953449485309", "321147128575744151003330869327601389016", "303393578101490065906516034843403880281", "318437721489588304315821989682496995184", "38006337004050367849014125494971575537", "175061254615743437520094884364105697233", "77363606146383857009656345556156423230", "186480394492936430498021022304037294784", 
"181770857753770097517746901524745191908", "30913405040175035534764784102056841699", "236889513680266079035851799639803890533", "194114407232039335095556079570329067676", "249022990065958714816111991339255160395", "54960641298191277884886659083762790780", "127992657957590043811760327646776932046", "304698036602247774143869017978433554732", "250744351131081829530625072565675217722", "36656784869560343249949288503597589348", "170547716959680533076677559189261145640", "121713541064240962798640750646580808579", "186762389796691736500395706047092641008", "23200626527644494473308427936974857811", "154918870431555591112890759389551536328", "291858413894433898125463120663368392364", "225718472791953043972022796009114754190", "108801656677693814302435191275033585710", "193447927343475926499602080310565766494", "113550618227067861099788710945551064385", "274435711931836628681103840266923684609", "108891629451031021363620012033597097014", "157902946756436242482462236470357416589", "304063467140049501021933125641651087250", "102707166771665844076021244975419672366", "294336125026284019428175307101295050889", "116851542740175563369683430539555981016", "216200495206398465997049687262527180217", "79191873615801662582418252464382605832", "164978430970920805091239061673019719106", "282921449663537929048759682202928539995", "90973143989974989522332153355976316126", "287245724537977820385873217815643351515", "44802529730012567971170220922554565749", "268690657842368192836387303599115813050", "144010947238307124958539323349633054015", "14672178449306596253776894693424682853", "254948836728881060187961985032227148746", "224914003870438559021890205490402143160", "96805489812739485968183963160616398206", "236564457060156221558607823212047790920", "48978219028165198047704726192602746515", "297977904474851821660162425641097275999", "8984916548224638021709965003739438299", "255246192547716801015089390704859725892", "33918144162416462101818060040215351961", 
"170964427126840192885688019616971642955", "105311074047723310597162550352577188475", "67340489106477276261440066076091306008", "61220301857844028518512203141058005866", "25397590813383690955468288709214786215", "68862407019424048919648730631461319197" ], "threshold": 0.9 }, "target": { "file": "lib/package.c" }, "deprecated": false, "signature_version": "v1", "source": "https://github.com/rpm-software-management/rpm/commit/d6a86b5e69e46cc283b1e06c92343319beb42e21" } ] }