First published: Thu Feb 11 2021
RPM Project RPM is vulnerable to a denial of service, caused by an out-of-bounds read flaw in the hdrblobInit function in lib/header.c. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/rpm | <4.17.0 | 4.17.0 |
| Rpm Rpm | <4.16.1.3 | |
| Fedoraproject Fedora | =33 | |
| Fedoraproject Fedora | =34 | |
| IBM QRadar SIEM | <=7.5.0 GA | |
| IBM QRadar SIEM | <=7.4.3 GA - 7.4.3 FP4 | |
| IBM QRadar SIEM | <=7.3.3 GA - 7.3.3 FP10 | |
CVE-2021-20266 is a vulnerability in the RPM Project RPM software that allows a local authenticated attacker to cause a denial of service condition.
The CVE-2021-20266 vulnerability can be exploited by sending a specially-crafted request to the hdrblobInit function in lib/header.c.
The severity of CVE-2021-20266 is low with a CVSS score of 3.1.
IBM QRadar SIEM versions 7.5.0 GA, 7.4.3 GA - 7.4.3 FP4, and 7.3.3 GA - 7.3.3 FP10 are affected by CVE-2021-20266.
To fix the CVE-2021-20266 vulnerability, apply the necessary patches provided by IBM for your specific version of IBM QRadar SIEM.