CVE-2016-20021

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jan 12, 2024

Updated: Jan 22, 2024

CWE ID 347

Summary

CVE-2016-20021 is a vulnerability affecting Gentoo Portage before version 3.0.47. During the use of the emerge-webrsync tool, a .gpgsig file is downloaded but not verified for authenticity through PGP signature verification. This issue potentially exposes users to code injection risks, but it only affects emerge-wehrsync and not regular Portage usage.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Gentoo Portage

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/uHNMYd
https://www.cve.org/CVERecord?id=CVE-2016-20021
https://nvd.nist.gov/vuln/detail/CVE-2016-20021

Back to Vulnerability Database

CVE-2016-20021

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations