Bug 1183632 - (CVE-2021-20266) VUL-1: CVE-2021-20266: rpm: missing length checks in hdrblobInit()
(CVE-2021-20266)
VUL-1: CVE-2021-20266: rpm: missing length checks in hdrblobInit()
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P4 - Low : Minor
: ---
Assigned To: Michael Schröder
Security Team bot
https://smash.suse.de/issue/279682/
CVSSv3.1:SUSE:CVE-2021-20266:3.1:(AV:...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2021-03-17 08:06 UTC by Robert Frohl
Modified: 2022-09-09 09:30 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Frohl 2021-03-17 08:06:32 UTC
rh#1927741

Missing length checks in `hdrblobInit()` which may be able to cause memory unsafety.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1927741
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20266
https://access.redhat.com/security/cve/CVE-2021-20266
Comment 1 Marcus Meissner 2021-08-20 07:52:58 UTC
commit 8f4b3c3cab8922a2022b9e47c71f1ecf906077ef
Author: Demi Marie Obenour <athena@invisiblethingslab.com>
Date:   Mon Feb 8 16:05:01 2021 -0500

    hdrblobInit() needs bounds checks too

    Users can pass untrusted data to hdrblobInit() and it must be robust
    against this.
Comment 2 Swamp Workflow Management 2021-10-15 10:40:02 UTC
SUSE-SU-2021:3444-1: An update that solves three vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 1179416,1183543,1183545,1183632,1183659,1185299,1187670,1188548
CVE References: CVE-2021-20266,CVE-2021-20271,CVE-2021-3421
JIRA References: 
Sources used:
SUSE MicroOS 5.0 (src):    python-rpm-4.14.1-22.4.1, rpm-4.14.1-22.4.2
SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (src):    rpm-4.14.1-22.4.2
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (src):    rpm-4.14.1-22.4.2
SUSE Linux Enterprise Module for Python2 15-SP2 (src):    python-rpm-4.14.1-22.4.1
SUSE Linux Enterprise Module for Public Cloud 15-SP2 (src):    rpm-ndb-4.14.1-22.4.2
SUSE Linux Enterprise Module for Development Tools 15-SP2 (src):    rpm-4.14.1-22.4.2
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    python-rpm-4.14.1-22.4.1, rpm-4.14.1-22.4.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 3 Swamp Workflow Management 2021-10-18 16:17:07 UTC
openSUSE-SU-2021:1366-1: An update that solves three vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 1179416,1183543,1183545,1183632,1183659,1185299,1187670,1188548
CVE References: CVE-2021-20266,CVE-2021-20271,CVE-2021-3421
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    python-rpm-4.14.1-lp152.18.3.1, rpm-4.14.1-lp152.18.3.1