CVE-2021-35939

It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Link Following
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
Affected Products (NVD)
VendorProductVersion
rpmrpm
𝑥
< 4.18
redhatenterprise_linux
8.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
rpm
bookworm
4.18.0+dfsg-1+deb12u1
fixed
bullseye
ignored
buster
ignored
sid
4.20.0+dfsg-3
fixed
stretch
no-dsa
trixie
4.20.0+dfsg-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
rpm
bionic
needs-triage
focal
needs-triage
groovy
ignored
hirsute
ignored
impish
ignored
jammy
needs-triage
kinetic
ignored
lunar
ignored
mantic
ignored
noble
needs-triage
trusty
needs-triage
xenial
needs-triage
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
python3-rpm
RHEL 8
0:4.14.3-28.el8_9
fixed
RHEL 8.6 AUS
0:4.14.3-26.el8_6
fixed
RHEL 8.6 E4S
0:4.14.3-26.el8_6
fixed
RHEL 8.6 EUS
0:4.14.3-26.el8_6
fixed
RHEL 8.6 TUS
0:4.14.3-26.el8_6
fixed
RHEL 8.8 AUS
0:4.14.3-28.el8_8
fixed
RHEL 8.8 E4S
0:4.14.3-28.el8_8
fixed
RHEL 8.8 EUS
0:4.14.3-28.el8_8
fixed
RHEL 8.8 TUS
0:4.14.3-28.el8_8
fixed
RHEL 9
0:4.16.1.3-27.el9_3
fixed
rpm
RHEL 8
0:4.14.3-28.el8_9
fixed
RHEL 8.6 AUS
0:4.14.3-26.el8_6
fixed
RHEL 8.6 E4S
0:4.14.3-26.el8_6
fixed
RHEL 8.6 EUS
0:4.14.3-26.el8_6
fixed
RHEL 8.6 TUS
0:4.14.3-26.el8_6
fixed
RHEL 8.8 AUS
0:4.14.3-28.el8_8
fixed
RHEL 8.8 E4S
0:4.14.3-28.el8_8
fixed
RHEL 8.8 EUS
0:4.14.3-28.el8_8
fixed
RHEL 8.8 TUS
0:4.14.3-28.el8_8
fixed
RHEL 9
0:4.16.1.3-27.el9_3
fixed
rpm-apidocs
RHEL 8
0:4.14.3-28.el8_9
fixed
RHEL 8.6 AUS
0:4.14.3-26.el8_6
fixed
RHEL 8.6 E4S
0:4.14.3-26.el8_6
fixed
RHEL 8.6 EUS
0:4.14.3-26.el8_6
fixed
RHEL 8.6 TUS
0:4.14.3-26.el8_6
fixed
RHEL 8.8 AUS
0:4.14.3-28.el8_8
fixed
RHEL 8.8 E4S
0:4.14.3-28.el8_8
fixed
RHEL 8.8 EUS
0:4.14.3-28.el8_8
fixed
RHEL 8.8 TUS
0:4.14.3-28.el8_8
fixed
RHEL 9
0:4.16.1.3-27.el9_3
fixed
rpm-build
RHEL 8
0:4.14.3-28.el8_9
fixed
RHEL 8.6 AUS
0:4.14.3-26.el8_6
fixed
RHEL 8.6 E4S
0:4.14.3-26.el8_6
fixed
RHEL 8.6 EUS
0:4.14.3-26.el8_6
fixed
RHEL 8.6 TUS
0:4.14.3-26.el8_6
fixed
RHEL 8.8 AUS
0:4.14.3-28.el8_8
fixed
RHEL 8.8 E4S
0:4.14.3-28.el8_8
fixed
RHEL 8.8 EUS
0:4.14.3-28.el8_8
fixed
RHEL 8.8 TUS
0:4.14.3-28.el8_8
fixed
RHEL 9
0:4.16.1.3-27.el9_3
fixed
rpm-build-libs
RHEL 8
0:4.14.3-28.el8_9
fixed
RHEL 8.6 AUS
0:4.14.3-26.el8_6
fixed
RHEL 8.6 E4S
0:4.14.3-26.el8_6
fixed
RHEL 8.6 EUS
0:4.14.3-26.el8_6
fixed
RHEL 8.6 TUS
0:4.14.3-26.el8_6
fixed
RHEL 8.8 AUS
0:4.14.3-28.el8_8
fixed
RHEL 8.8 E4S
0:4.14.3-28.el8_8
fixed
RHEL 8.8 EUS
0:4.14.3-28.el8_8
fixed
RHEL 8.8 TUS
0:4.14.3-28.el8_8
fixed
RHEL 9
0:4.16.1.3-27.el9_3
fixed
rpm-cron
RHEL 8
0:4.14.3-28.el8_9
fixed
RHEL 8.6 AUS
0:4.14.3-26.el8_6
fixed
RHEL 8.6 E4S
0:4.14.3-26.el8_6
fixed
RHEL 8.6 EUS
0:4.14.3-26.el8_6
fixed
RHEL 8.6 TUS
0:4.14.3-26.el8_6
fixed
RHEL 8.8 AUS
0:4.14.3-28.el8_8
fixed
RHEL 8.8 E4S
0:4.14.3-28.el8_8
fixed
RHEL 8.8 EUS
0:4.14.3-28.el8_8
fixed
RHEL 8.8 TUS
0:4.14.3-28.el8_8
fixed
RHEL 9
0:4.16.1.3-27.el9_3
fixed
rpm-devel
RHEL 8
0:4.14.3-28.el8_9
fixed
RHEL 8.6 AUS
0:4.14.3-26.el8_6
fixed
RHEL 8.6 E4S
0:4.14.3-26.el8_6
fixed
RHEL 8.6 EUS
0:4.14.3-26.el8_6
fixed
RHEL 8.6 TUS
0:4.14.3-26.el8_6
fixed
RHEL 8.8 AUS
0:4.14.3-28.el8_8
fixed
RHEL 8.8 E4S
0:4.14.3-28.el8_8
fixed
RHEL 8.8 EUS
0:4.14.3-28.el8_8
fixed
RHEL 8.8 TUS
0:4.14.3-28.el8_8
fixed
RHEL 9
0:4.16.1.3-27.el9_3
fixed
rpm-libs
RHEL 8
0:4.14.3-28.el8_9
fixed
RHEL 8.6 AUS
0:4.14.3-26.el8_6
fixed
RHEL 8.6 E4S
0:4.14.3-26.el8_6
fixed
RHEL 8.6 EUS
0:4.14.3-26.el8_6
fixed
RHEL 8.6 TUS
0:4.14.3-26.el8_6
fixed
RHEL 8.8 AUS
0:4.14.3-28.el8_8
fixed
RHEL 8.8 E4S
0:4.14.3-28.el8_8
fixed
RHEL 8.8 EUS
0:4.14.3-28.el8_8
fixed
RHEL 8.8 TUS
0:4.14.3-28.el8_8
fixed
RHEL 9
0:4.16.1.3-27.el9_3
fixed
rpm-plugin-audit
RHEL 9
0:4.16.1.3-27.el9_3
fixed
rpm-plugin-fapolicyd
RHEL 8
0:4.14.3-28.el8_9
fixed
RHEL 8.6 AUS
0:4.14.3-26.el8_6
fixed
RHEL 8.6 E4S
0:4.14.3-26.el8_6
fixed
RHEL 8.6 EUS
0:4.14.3-26.el8_6
fixed
RHEL 8.6 TUS
0:4.14.3-26.el8_6
fixed
RHEL 8.8 AUS
0:4.14.3-28.el8_8
fixed
RHEL 8.8 E4S
0:4.14.3-28.el8_8
fixed
RHEL 8.8 EUS
0:4.14.3-28.el8_8
fixed
RHEL 8.8 TUS
0:4.14.3-28.el8_8
fixed
RHEL 9
0:4.16.1.3-27.el9_3
fixed
rpm-plugin-ima
RHEL 8
0:4.14.3-28.el8_9
fixed
RHEL 8.6 AUS
0:4.14.3-26.el8_6
fixed
RHEL 8.6 E4S
0:4.14.3-26.el8_6
fixed
RHEL 8.6 EUS
0:4.14.3-26.el8_6
fixed
RHEL 8.6 TUS
0:4.14.3-26.el8_6
fixed
RHEL 8.8 AUS
0:4.14.3-28.el8_8
fixed
RHEL 8.8 E4S
0:4.14.3-28.el8_8
fixed
RHEL 8.8 EUS
0:4.14.3-28.el8_8
fixed
RHEL 8.8 TUS
0:4.14.3-28.el8_8
fixed
RHEL 9
0:4.16.1.3-27.el9_3
fixed
rpm-plugin-prioreset
RHEL 8
0:4.14.3-28.el8_9
fixed
RHEL 8.6 AUS
0:4.14.3-26.el8_6
fixed
RHEL 8.6 E4S
0:4.14.3-26.el8_6
fixed
RHEL 8.6 EUS
0:4.14.3-26.el8_6
fixed
RHEL 8.6 TUS
0:4.14.3-26.el8_6
fixed
RHEL 8.8 AUS
0:4.14.3-28.el8_8
fixed
RHEL 8.8 E4S
0:4.14.3-28.el8_8
fixed
RHEL 8.8 EUS
0:4.14.3-28.el8_8
fixed
RHEL 8.8 TUS
0:4.14.3-28.el8_8
fixed
rpm-plugin-selinux
RHEL 8
0:4.14.3-28.el8_9
fixed
RHEL 8.6 AUS
0:4.14.3-26.el8_6
fixed
RHEL 8.6 E4S
0:4.14.3-26.el8_6
fixed
RHEL 8.6 EUS
0:4.14.3-26.el8_6
fixed
RHEL 8.6 TUS
0:4.14.3-26.el8_6
fixed
RHEL 8.8 AUS
0:4.14.3-28.el8_8
fixed
RHEL 8.8 E4S
0:4.14.3-28.el8_8
fixed
RHEL 8.8 EUS
0:4.14.3-28.el8_8
fixed
RHEL 8.8 TUS
0:4.14.3-28.el8_8
fixed
RHEL 9
0:4.16.1.3-27.el9_3
fixed
rpm-plugin-syslog
RHEL 8
0:4.14.3-28.el8_9
fixed
RHEL 8.6 AUS
0:4.14.3-26.el8_6
fixed
RHEL 8.6 E4S
0:4.14.3-26.el8_6
fixed
RHEL 8.6 EUS
0:4.14.3-26.el8_6
fixed
RHEL 8.6 TUS
0:4.14.3-26.el8_6
fixed
RHEL 8.8 AUS
0:4.14.3-28.el8_8
fixed
RHEL 8.8 E4S
0:4.14.3-28.el8_8
fixed
RHEL 8.8 EUS
0:4.14.3-28.el8_8
fixed
RHEL 8.8 TUS
0:4.14.3-28.el8_8
fixed
RHEL 9
0:4.16.1.3-27.el9_3
fixed
rpm-plugin-systemd-inhibit
RHEL 8
0:4.14.3-28.el8_9
fixed
RHEL 8.6 AUS
0:4.14.3-26.el8_6
fixed
RHEL 8.6 E4S
0:4.14.3-26.el8_6
fixed
RHEL 8.6 EUS
0:4.14.3-26.el8_6
fixed
RHEL 8.6 TUS
0:4.14.3-26.el8_6
fixed
RHEL 8.8 AUS
0:4.14.3-28.el8_8
fixed
RHEL 8.8 E4S
0:4.14.3-28.el8_8
fixed
RHEL 8.8 EUS
0:4.14.3-28.el8_8
fixed
RHEL 8.8 TUS
0:4.14.3-28.el8_8
fixed
RHEL 9
0:4.16.1.3-27.el9_3
fixed
rpm-sign
RHEL 8
0:4.14.3-28.el8_9
fixed
RHEL 8.6 AUS
0:4.14.3-26.el8_6
fixed
RHEL 8.6 E4S
0:4.14.3-26.el8_6
fixed
RHEL 8.6 EUS
0:4.14.3-26.el8_6
fixed
RHEL 8.6 TUS
0:4.14.3-26.el8_6
fixed
RHEL 8.8 AUS
0:4.14.3-28.el8_8
fixed
RHEL 8.8 E4S
0:4.14.3-28.el8_8
fixed
RHEL 8.8 EUS
0:4.14.3-28.el8_8
fixed
RHEL 8.8 TUS
0:4.14.3-28.el8_8
fixed
RHEL 9
0:4.16.1.3-27.el9_3
fixed
rpm-sign-libs
RHEL 9
0:4.16.1.3-27.el9_3
fixed
Common Weakness Enumeration
References
https://access.redhat.com/security/cve/CVE-2021-35939
https://bugzilla.redhat.com/show_bug.cgi?id=1964129
https://github.com/rpm-software-management/rpm/commit/96ec957e281220f8e137a2d5eb23b83a6377d556
https://github.com/rpm-software-management/rpm/pull/1919
https://rpm.org/wiki/Releases/4.18.0
https://security.gentoo.org/glsa/202210-22
https://access.redhat.com/security/cve/CVE-2021-35939
https://bugzilla.redhat.com/show_bug.cgi?id=1964129
https://github.com/rpm-software-management/rpm/commit/96ec957e281220f8e137a2d5eb23b83a6377d556
https://github.com/rpm-software-management/rpm/pull/1919
https://rpm.org/wiki/Releases/4.18.0
https://security.gentoo.org/glsa/202210-22