{"id":"CVE-2021-20266","details":"A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability.","modified":"2026-03-15T14:42:21.678211Z","published":"2021-04-30T12:15:07.500Z","related":["ALSA-2021:4489","MGASA-2021-0167","SUSE-SU-2021:2682-1","SUSE-SU-2021:3444-1","SUSE-SU-2022:3939-1","openSUSE-SU-2021:1366-1","openSUSE-SU-2021:2682-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202107-43"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1927741"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/rpm-software-management/rpm","events":[{"introduced":"0"},{"fixed":"3659b8a04f5b8bacf6535e0124e7fe23f15286bd"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"4.16.1.3"}]}}],"versions":["rpm-4.11.0-alpha","rpm-4.12.0-alpha","rpm-4.13.0-alpha","rpm-4.15.0-alpha","rpm-4.16.0-alpha","rpm-4.16.0-beta2","rpm-4.16.0-beta3","rpm-4.16.0-release","rpm-4.16.1-release","rpm-4.16.1.1-release","rpm-4.16.1.2-release","rpm-4.4-release","rpm-4.4.1-release","rpm-4.4.2-release","rpm-4.4.2.1-rc1","rpm-4.4.2.1-rc2","rpm-4.8.0-beta1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-20266.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"33"}]},{"events":[{"introduced":"0"},{"last_affected":"34"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}]}