A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. This flaw affects RPM versions before 4.17.0-alpha.
The product does not verify, or incorrectly verifies, the cryptographic signature for data.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Rpm | Rpm | * | 4.16.1.3 (excluding) |
| Red Hat Enterprise Linux 8 | RedHat | rpm-0:4.14.3-14.el8_4 | * |
| Red Hat Enterprise Linux 8 | RedHat | rpm-0:4.14.3-14.el8_4 | * |
| Red Hat Enterprise Linux 8.2 Extended Update Support | RedHat | rpm-0:4.14.2-38.el8_2 | * |
| Rpm | Ubuntu | bionic | * |
| Rpm | Ubuntu | esm-apps/bionic | * |
| Rpm | Ubuntu | esm-apps/focal | * |
| Rpm | Ubuntu | esm-apps/xenial | * |
| Rpm | Ubuntu | esm-infra-legacy/trusty | * |
| Rpm | Ubuntu | focal | * |
| Rpm | Ubuntu | groovy | * |
| Rpm | Ubuntu | hirsute | * |
| Rpm | Ubuntu | impish | * |
| Rpm | Ubuntu | precise/esm | * |
| Rpm | Ubuntu | trusty | * |
| Rpm | Ubuntu | trusty/esm | * |
| Rpm | Ubuntu | upstream | * |
| Rpm | Ubuntu | xenial | * |