{"api_version":"1","generated_at":"2026-04-23T05:58:24+00:00","cve":"CVE-2021-35939","urls":{"html":"https://cve.report/CVE-2021-35939","api":"https://cve.report/api/cve/CVE-2021-35939.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-35939","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-35939"},"summary":{"title":"CVE-2021-35939","description":"It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2022-08-26 16:15:00","updated_at":"2023-02-04 01:16:00"},"problem_types":["CWE-59"],"metrics":[],"references":[{"url":"https://github.com/rpm-software-management/rpm/commit/96ec957e281220f8e137a2d5eb23b83a6377d556","name":"https://github.com/rpm-software-management/rpm/commit/96ec957e281220f8e137a2d5eb23b83a6377d556","refsource":"MISC","tags":[],"title":"Validate intermediate symlinks during installation, CVE-2021-35939 · rpm-software-management/rpm@96ec957 · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://access.redhat.com/security/cve/CVE-2021-35939","name":"https://access.redhat.com/security/cve/CVE-2021-35939","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://rpm.org/wiki/Releases/4.18.0","name":"https://rpm.org/wiki/Releases/4.18.0","refsource":"MISC","tags":[],"title":"rpm.org - Releases","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1964129","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1964129","refsource":"MISC","tags":[],"title":"1964129 – (CVE-2021-35939) CVE-2021-35939 rpm: checks for unsafe symlinks are not performed for intermediary directories","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.gentoo.org/glsa/202210-22","name":"GLSA-202210-22","refsource":"GENTOO","tags":[],"title":"RPM: Multiple Vulnerabilities (GLSA 202210-22) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/rpm-software-management/rpm/pull/1919","name":"https://github.com/rpm-software-management/rpm/pull/1919","refsource":"MISC","tags":[],"title":"First steps towards fixing the symlink CVEs by pmatilai · Pull Request #1919 · rpm-software-management/rpm · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-35939","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-35939","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"35939","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"35939","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"rpm","cpe5":"rpm","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-35939","qid":"161314","title":"Oracle Enterprise Linux Security Update for rpm (ELSA-2024-0463)"},{"cve":"CVE-2021-35939","qid":"161331","title":"Oracle Enterprise Linux Security Update for rpm (ELSA-2024-0647)"},{"cve":"CVE-2021-35939","qid":"182935","title":"Debian Security Update for rpm (CVE-2021-35939)"},{"cve":"CVE-2021-35939","qid":"242744","title":"Red Hat Update for rpm (RHSA-2024:0424)"},{"cve":"CVE-2021-35939","qid":"242754","title":"Red Hat Update for rpm (RHSA-2024:0463)"},{"cve":"CVE-2021-35939","qid":"242757","title":"Red Hat Update for rpm (RHSA-2024:0435)"},{"cve":"CVE-2021-35939","qid":"242810","title":"Red Hat Update for rpm (RHSA-2024:0582)"},{"cve":"CVE-2021-35939","qid":"242816","title":"Red Hat Update for rpm (RHSA-2024:0647)"},{"cve":"CVE-2021-35939","qid":"242842","title":"Red Hat Update for rpm (RHSA-2024:0453)"},{"cve":"CVE-2021-35939","qid":"357349","title":"Amazon Linux Security Advisory for rpm : ALAS2023-2024-573"},{"cve":"CVE-2021-35939","qid":"379634","title":"Alibaba Cloud Linux Security Update for rpm (ALINUX3-SA-2024:0030)"},{"cve":"CVE-2021-35939","qid":"502949","title":"Alpine Linux Security Update for rpm"},{"cve":"CVE-2021-35939","qid":"505818","title":"Alpine Linux Security Update for rpm"},{"cve":"CVE-2021-35939","qid":"672363","title":"EulerOS Security Update for rpm (EulerOS-SA-2022-2741)"},{"cve":"CVE-2021-35939","qid":"672374","title":"EulerOS Security Update for rpm (EulerOS-SA-2022-2776)"},{"cve":"CVE-2021-35939","qid":"672457","title":"EulerOS Security Update for rpm (EulerOS-SA-2022-2829)"},{"cve":"CVE-2021-35939","qid":"672471","title":"EulerOS Security Update for rpm (EulerOS-SA-2022-2855)"},{"cve":"CVE-2021-35939","qid":"691000","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for rpm4 (0c52abde-717b-11ed-98ca-40b034429ecf)"},{"cve":"CVE-2021-35939","qid":"710651","title":"Gentoo Linux RPM Multiple Vulnerabilities (GLSA 202210-22)"},{"cve":"CVE-2021-35939","qid":"903739","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for rpm (10784)"},{"cve":"CVE-2021-35939","qid":"903833","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for rpm (10769)"},{"cve":"CVE-2021-35939","qid":"904122","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for rpm (10769-1)"},{"cve":"CVE-2021-35939","qid":"941549","title":"AlmaLinux Security Update for rpm (ALSA-2024:0463)"},{"cve":"CVE-2021-35939","qid":"941568","title":"AlmaLinux Security Update for rpm (ALSA-2024:0647)"},{"cve":"CVE-2021-35939","qid":"961111","title":"Rocky Linux Security Update for rpm (RLSA-2024:0647)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2021-35939","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"RPM","version":{"version_data":[{"version_value":"Fixed in RPM-v4.18"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-59 - Improper Link Resolution Before File Access ('Link Following')"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://rpm.org/wiki/Releases/4.18.0","url":"https://rpm.org/wiki/Releases/4.18.0"},{"refsource":"MISC","name":"https://github.com/rpm-software-management/rpm/pull/1919","url":"https://github.com/rpm-software-management/rpm/pull/1919"},{"refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1964129","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1964129"},{"refsource":"MISC","name":"https://github.com/rpm-software-management/rpm/commit/96ec957e281220f8e137a2d5eb23b83a6377d556","url":"https://github.com/rpm-software-management/rpm/commit/96ec957e281220f8e137a2d5eb23b83a6377d556"},{"refsource":"MISC","name":"https://access.redhat.com/security/cve/CVE-2021-35939","url":"https://access.redhat.com/security/cve/CVE-2021-35939"},{"refsource":"GENTOO","name":"GLSA-202210-22","url":"https://security.gentoo.org/glsa/202210-22"}]},"description":{"description_data":[{"lang":"eng","value":"It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."}]}},"nvd":{"publishedDate":"2022-08-26 16:15:00","lastModifiedDate":"2023-02-04 01:16:00","problem_types":["CWE-59"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":6.7,"baseSeverity":"MEDIUM"},"exploitabilityScore":0.8,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:rpm:rpm:*:*:*:*:*:*:*:*","versionEndExcluding":"4.18","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"35939","Ordinal":"211447","Title":"CVE-2021-35939","CVE":"CVE-2021-35939","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"35939","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}