Search for packages
Package details: pkg:deb/debian/rpm@4.12.0.2%2Bdfsg1-2~bpo8%2B1
purl pkg:deb/debian/rpm@4.12.0.2%2Bdfsg1-2~bpo8%2B1
Next non-vulnerable version 4.18.0+dfsg-1+deb12u1
Latest non-vulnerable version 4.18.0+dfsg-1+deb12u1
Risk 3.1
Vulnerabilities affecting this package (3)
Vulnerability Summary Fixed by
VCID-8tqq-98fr-aaad
Aliases:
CVE-2021-20266
A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability.
4.16.1.2+dfsg1-3
Affected by 4 other vulnerabilities.
VCID-q7k2-h4de-aaak
Aliases:
CVE-2021-20271
A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.
4.16.1.2+dfsg1-3
Affected by 4 other vulnerabilities.
VCID-syg9-n9mv-aaag
Aliases:
CVE-2021-3421
A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. This flaw affects RPM versions before 4.17.0-alpha.
4.16.1.2+dfsg1-3
Affected by 4 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-21T19:07:05.222337+00:00 Debian Oval Importer Affected by VCID-syg9-n9mv-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T05:50:21.731862+00:00 Debian Oval Importer Affected by VCID-8tqq-98fr-aaad None 36.1.3
2025-06-21T03:06:40.324763+00:00 Debian Oval Importer Affected by VCID-q7k2-h4de-aaak None 36.1.3
2025-06-21T02:32:20.265236+00:00 Debian Oval Importer Affected by VCID-syg9-n9mv-aaag None 36.1.3
2025-06-08T11:36:09.405360+00:00 Debian Oval Importer Affected by VCID-syg9-n9mv-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-07T23:28:56.015445+00:00 Debian Oval Importer Affected by VCID-8tqq-98fr-aaad None 36.1.0
2025-06-07T20:39:25.633193+00:00 Debian Oval Importer Affected by VCID-q7k2-h4de-aaak None 36.1.0
2025-06-07T19:56:26.798184+00:00 Debian Oval Importer Affected by VCID-syg9-n9mv-aaag None 36.1.0
2025-04-12T21:18:11.566569+00:00 Debian Oval Importer Affected by VCID-q7k2-h4de-aaak https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T19:11:19.270042+00:00 Debian Oval Importer Affected by VCID-8tqq-98fr-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:20:40.609291+00:00 Debian Oval Importer Affected by VCID-syg9-n9mv-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-07T22:00:50.561276+00:00 Debian Oval Importer Affected by VCID-8tqq-98fr-aaad None 36.0.0
2025-04-07T19:09:54.375543+00:00 Debian Oval Importer Affected by VCID-q7k2-h4de-aaak None 36.0.0
2025-04-07T18:34:18.038077+00:00 Debian Oval Importer Affected by VCID-syg9-n9mv-aaag None 36.0.0