VulnerableCode Package Details - pkg:deb/debian/rpm@4.12.0.2%2Bdfsg1-2

Search for packages

Package details: pkg:deb/debian/rpm@4.12.0.2%2Bdfsg1-2

Essentials
History (3)

purl	pkg:deb/debian/rpm@4.12.0.2%2Bdfsg1-2

Next non-vulnerable version	4.18.0+dfsg-1+deb12u1
Latest non-vulnerable version	4.18.0+dfsg-1+deb12u1
Risk	3.1

Vulnerabilities affecting this package (3)

Vulnerability	Summary	Fixed by
VCID-1gkq-3yfu-fke8 Aliases: CVE-2021-20266	A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability.	4.16.1.2+dfsg1-3 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-bd69-cfzq-c7ed Aliases: CVE-2021-3421	A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. This flaw affects RPM versions before 4.17.0-alpha.	4.16.1.2+dfsg1-3 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-y63j-ybs2-mfc9 Aliases: CVE-2021-20271	A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.	4.16.1.2+dfsg1-3 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-01T18:26:33.298558+00:00	Debian Oval Importer	Affected by	VCID-y63j-ybs2-mfc9	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T15:37:51.727373+00:00	Debian Oval Importer	Affected by	VCID-1gkq-3yfu-fke8	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T13:10:13.529179+00:00	Debian Oval Importer	Affected by	VCID-bd69-cfzq-c7ed	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0