{"id":"CVE-2021-3421","details":"A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. This flaw affects RPM versions before 4.17.0-alpha.","modified":"2026-04-10T04:34:30.008950Z","published":"2021-05-19T14:15:07.457Z","related":["MGASA-2021-0167","SUSE-SU-2021:2682-1","SUSE-SU-2021:3444-1","SUSE-SU-2022:3939-1","openSUSE-SU-2021:1366-1","openSUSE-SU-2021:2682-1","openSUSE-SU-2021:2685-1","openSUSE-SU-2024:11305-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202107-43"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1927747"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/rpm-software-management/rpm","events":[{"introduced":"0"},{"fixed":"3659b8a04f5b8bacf6535e0124e7fe23f15286bd"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"4.16.1.3"}]}}],"versions":["rpm-4.11.0-alpha","rpm-4.12.0-alpha","rpm-4.13.0-alpha","rpm-4.15.0-alpha","rpm-4.16.0-alpha","rpm-4.16.0-beta2","rpm-4.16.0-beta3","rpm-4.16.0-release","rpm-4.16.1-release","rpm-4.16.1.1-release","rpm-4.16.1.2-release","rpm-4.4-release","rpm-4.4.1-release","rpm-4.4.2-release","rpm-4.4.2.1-rc1","rpm-4.4.2.1-rc2","rpm-4.8.0-beta1"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"32"}]},{"events":[{"introduced":"0"},{"last_affected":"33"}]},{"events":[{"introduced":"0"},{"last_affected":"34"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3421.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}]}