Vulnerability CVE-2021-38185

Vulnerability Name:

CVE-2021-38185 (CCN-207047)

Assigned:

2021-08-06

Published:

2021-08-06

Updated:

2023-06-04

Summary:

CVSS v3 Severity:

7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
6.9 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:U/RC:R)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

7.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
6.9 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:U/RC:R)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

7.0 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
6.2 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:U/RC:R)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2021-38185

Source: XF
Type: UNKNOWN
gnucpio-cve202138185-integer-overflow(207047)

Source: cve@mitre.org
Type: Patch, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Exploit, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: UNKNOWN
cve@mitre.org

Source: CCN
Type: GNU Mailing List, Fri, 6 Aug 2021 20:15:00 +0000
cpio RCE Exploit Caused by Integer Overflow

Source: cve@mitre.org
Type: Exploit, Mailing List, Vendor Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Exploit, Mailing List, Vendor Advisory
cve@mitre.org

Source: CCN
Type: GNU Web site
GNU cpio

Source: CCN
Type: IBM Security Bulletin 6551876 (Cloud Pak for Security)
Cloud Pak for Security uses packages that are vulnerable to multiple CVEs

Source: CCN
Type: IBM Security Bulletin 6609002 (Sterling Connect:Direct for UNIX)
IBM Sterling Connect:Direct for UNIX Certified Container is affected by arbitrary code executiondue to GNU cpio (CVE-2021-38185)

Source: CCN
Type: IBM Security Bulletin 6831853 (QRadar SIEM)
IBM QRadar SIEM Application Framework Base Image is vulnerable to using components with Known Vulnerabilities

Vulnerable Configuration:

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

Configuration CCN 1:

cpe:/a:gnu:cpio:2.13:*:*:*:*:*:*:*

AND

cpe:/a:ibm:sterling_connect:direct:6.0.0:*:*:*:unix:*:*:*

OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.4:-:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_security:1.7.2.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7468	P	cpio-2.13-150400.1.98 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:51942	P	Security update for qemu (Moderate)	2022-10-27
oval:org.opensuse.security:def:51937	P	Security update for libxml2 (Important)	2022-10-21
oval:org.opensuse.security:def:752	P	Security update for qpdf (Important)	2022-09-12
oval:org.opensuse.security:def:3653	P	Security update for libxml2 (Important)	2022-07-26
oval:org.opensuse.security:def:3464	P	cups-filters-1.0.58-19.5.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:2894	P	cpio-2.13-150400.1.98 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94576	P	gstreamer-plugins-base-1.20.1-150400.1.9 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94524	P	cpio-2.13-150400.1.98 on GA media (Moderate)	2022-06-22
oval:com.redhat.rhsa:def:20221991	P	RHSA-2022:1991: cpio security update (Moderate)	2022-05-10
oval:org.opensuse.security:def:112106	P	cpio-2.13-3.3 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:100021	P	(Important)	2021-12-01
oval:org.opensuse.security:def:93112	P	(Important)	2021-12-01
oval:org.opensuse.security:def:93265	P	(Moderate)	2021-10-06
oval:org.opensuse.security:def:105643	P	cpio-2.13-3.3 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:30235	P	Security update for cpio (Important)	2021-08-23
oval:org.opensuse.security:def:45666	P	Security update for cpio (Important)	2021-08-23
oval:org.opensuse.security:def:89180	P	Security update for cpio (Important)	2021-08-23
oval:org.opensuse.security:def:127153	P	Security update for cpio (Important)	2021-08-23
oval:org.opensuse.security:def:38770	P	Security update for cpio (Important)	2021-08-23
oval:org.opensuse.security:def:58806	P	Security update for cpio (Important)	2021-08-23
oval:org.opensuse.security:def:84654	P	Security update for cpio (Important)	2021-08-23
oval:org.opensuse.security:def:31669	P	Security update for cpio (Important)	2021-08-23
oval:org.opensuse.security:def:41236	P	Security update for cpio (Important)	2021-08-23
oval:org.opensuse.security:def:59783	P	Security update for cpio (Important)	2021-08-23
oval:org.opensuse.security:def:86133	P	Security update for cpio (Important)	2021-08-23
oval:org.opensuse.security:def:32983	P	Security update for cpio (Important)	2021-08-23
oval:org.opensuse.security:def:55938	P	Security update for cpio (Important)	2021-08-23
oval:org.opensuse.security:def:23954	P	Security update for cpio (Important)	2021-08-23
oval:org.opensuse.security:def:87447	P	Security update for cpio (Important)	2021-08-23
oval:org.opensuse.security:def:33960	P	Security update for cpio (Important)	2021-08-23
oval:org.opensuse.security:def:57071	P	Security update for cpio (Important)	2021-08-23
oval:org.opensuse.security:def:83322	P	Security update for cpio (Important)	2021-08-23
oval:org.opensuse.security:def:30115	P	Security update for cpio (Important)	2021-08-23
oval:org.opensuse.security:def:44501	P	Security update for cpio (Important)	2021-08-23
oval:org.opensuse.security:def:88489	P	Security update for cpio (Important)	2021-08-23
oval:org.opensuse.security:def:126756	P	Security update for cpio (Important)	2021-08-23
oval:org.opensuse.security:def:38107	P	Security update for cpio (Important)	2021-08-23
oval:org.opensuse.security:def:57988	P	Security update for cpio (Important)	2021-08-23
oval:org.opensuse.security:def:84196	P	Security update for cpio (Important)	2021-08-23
oval:org.opensuse.security:def:31248	P	Security update for cpio (Important)	2021-08-23
oval:org.opensuse.security:def:51636	P	Security update for cpio (Important)	2021-08-23
oval:org.opensuse.security:def:89438	P	Security update for cpio (Important)	2021-08-23
oval:org.opensuse.security:def:40071	P	Security update for cpio (Important)	2021-08-23
oval:org.opensuse.security:def:59525	P	Security update for cpio (Important)	2021-08-23
oval:org.opensuse.security:def:85712	P	Security update for cpio (Important)	2021-08-23
oval:org.opensuse.security:def:32165	P	Security update for cpio (Important)	2021-08-23
oval:org.opensuse.security:def:55234	P	Security update for cpio (Important)	2021-08-23
oval:org.opensuse.security:def:23648	P	Security update for cpio (Important)	2021-08-23
oval:org.opensuse.security:def:60336	P	Security update for cpio (Important)	2021-08-23
oval:org.opensuse.security:def:86629	P	Security update for cpio (Important)	2021-08-23
oval:org.opensuse.security:def:33702	P	Security update for cpio (Important)	2021-08-23
oval:org.opensuse.security:def:56058	P	Security update for cpio (Important)	2021-08-23
oval:org.opensuse.security:def:82618	P	Security update for cpio (Important)	2021-08-23
oval:org.opensuse.security:def:29411	P	Security update for cpio (Important)	2021-08-23
oval:org.opensuse.security:def:43200	P	Security update for cpio (Important)	2021-08-23
oval:org.opensuse.security:def:88175	P	Security update for cpio (Important)	2021-08-23
oval:org.opensuse.security:def:125587	P	Security update for cpio (Important)	2021-08-23
oval:org.opensuse.security:def:34513	P	Security update for cpio (Important)	2021-08-23
oval:org.opensuse.security:def:57492	P	Security update for cpio (Important)	2021-08-23
oval:org.opensuse.security:def:83442	P	Security update for cpio (Important)	2021-08-23
oval:org.opensuse.security:def:91976	P	Security update for cpio (Important)	2021-08-16
oval:org.opensuse.security:def:73675	P	Security update for cpio (Important)	2021-08-16
oval:org.opensuse.security:def:64553	P	Security update for cpio (Important)	2021-08-16
oval:org.opensuse.security:def:8815	P	Security update for cpio (Important)	2021-08-16
oval:org.opensuse.security:def:99667	P	(Important)	2021-08-16
oval:org.opensuse.security:def:92761	P	Security update for cpio (Important)	2021-08-16
oval:org.opensuse.security:def:99121	P	Security update for cpio (Important)	2021-08-16
oval:org.opensuse.security:def:69902	P	Security update for cpio (Important)	2021-08-16
oval:org.opensuse.security:def:9762	P	Security update for cpio (Important)	2021-08-16
oval:org.opensuse.security:def:101483	P	Security update for cpio (Important)	2021-08-16
oval:org.opensuse.security:def:92171	P	Security update for cpio (Important)	2021-08-16
oval:org.opensuse.security:def:73864	P	Security update for cpio (Important)	2021-08-16
oval:org.opensuse.security:def:64742	P	Security update for cpio (Important)	2021-08-16
oval:org.opensuse.security:def:9010	P	Security update for cpio (Important)	2021-08-16
oval:org.opensuse.security:def:111665	P	Security update for cpio (Important)	2021-08-16
oval:org.opensuse.security:def:99981	P	(Important)	2021-08-16
oval:org.opensuse.security:def:92959	P	Security update for cpio (Important)	2021-08-16
oval:org.opensuse.security:def:99313	P	Security update for cpio (Important)	2021-08-16
oval:org.opensuse.security:def:70267	P	Security update for cpio (Important)	2021-08-16
oval:org.opensuse.security:def:10127	P	Security update for cpio (Important)	2021-08-16
oval:org.opensuse.security:def:101289	P	Security update for cpio (Important)	2021-08-16
oval:org.opensuse.security:def:92363	P	Security update for cpio (Important)	2021-08-16
oval:org.opensuse.security:def:69513	P	Security update for cpio (Important)	2021-08-16
oval:org.opensuse.security:def:9373	P	Security update for cpio (Important)	2021-08-16
oval:org.opensuse.security:def:100317	P	(Important)	2021-08-16
oval:org.opensuse.security:def:99512	P	Security update for cpio (Important)	2021-08-16
oval:org.opensuse.security:def:70453	P	Security update for cpio (Important)	2021-08-16
oval:org.opensuse.security:def:10313	P	Security update for cpio (Important)	2021-08-16
oval:org.opensuse.security:def:8629	P	Security update for cpio (Important)	2021-08-16
oval:org.opensuse.security:def:99404	P	(Important)	2021-08-16
oval:org.opensuse.security:def:92562	P	Security update for cpio (Important)	2021-08-16
oval:org.opensuse.security:def:98926	P	Security update for cpio (Important)	2021-08-16
oval:org.opensuse.security:def:69703	P	Security update for cpio (Important)	2021-08-16
oval:org.opensuse.security:def:9563	P	Security update for cpio (Important)	2021-08-16
oval:org.opensuse.security:def:107955	P	Security update for cpio (Important)	2021-08-16
oval:org.opensuse.security:def:100646	P	(Important)	2021-08-16
oval:org.opensuse.security:def:99711	P	Security update for cpio (Important)	2021-08-16
oval:org.opensuse.security:def:23949	P	Security update for cpio (Important)	2021-08-14
oval:org.opensuse.security:def:87440	P	Security update for cpio (Important)	2021-08-14
oval:org.opensuse.security:def:33955	P	Security update for cpio (Important)	2021-08-14
oval:org.opensuse.security:def:57066	P	Security update for cpio (Important)	2021-08-14
oval:org.opensuse.security:def:83317	P	Security update for cpio (Important)	2021-08-14
oval:org.opensuse.security:def:30110	P	Security update for cpio (Important)	2021-08-14
oval:org.opensuse.security:def:88484	P	Security update for cpio (Important)	2021-08-14
oval:org.opensuse.security:def:126751	P	Security update for cpio (Important)	2021-08-14
oval:org.opensuse.security:def:57984	P	Security update for cpio (Important)	2021-08-14
oval:org.opensuse.security:def:84191	P	Security update for cpio (Important)	2021-08-14
oval:org.opensuse.security:def:31243	P	Security update for cpio (Important)	2021-08-14
oval:org.opensuse.security:def:51631	P	Security update for cpio (Important)	2021-08-14
oval:org.opensuse.security:def:89433	P	Security update for cpio (Important)	2021-08-14
oval:org.opensuse.security:def:59520	P	Security update for cpio (Important)	2021-08-14
oval:org.opensuse.security:def:85707	P	Security update for cpio (Important)	2021-08-14
oval:org.opensuse.security:def:32161	P	Security update for cpio (Important)	2021-08-14
oval:org.opensuse.security:def:55229	P	Security update for cpio (Important)	2021-08-14
oval:org.opensuse.security:def:23643	P	Security update for cpio (Important)	2021-08-14
oval:org.opensuse.security:def:60327	P	Security update for cpio (Important)	2021-08-14
oval:org.opensuse.security:def:86625	P	Security update for cpio (Important)	2021-08-14
oval:org.opensuse.security:def:33697	P	Security update for cpio (Important)	2021-08-14
oval:org.opensuse.security:def:56053	P	Security update for cpio (Important)	2021-08-14
oval:org.opensuse.security:def:82613	P	Security update for cpio (Important)	2021-08-14
oval:org.opensuse.security:def:29406	P	Security update for cpio (Important)	2021-08-14
oval:org.opensuse.security:def:88170	P	Security update for cpio (Important)	2021-08-14
oval:org.opensuse.security:def:125582	P	Security update for cpio (Important)	2021-08-14
oval:org.opensuse.security:def:34504	P	Security update for cpio (Important)	2021-08-14
oval:org.opensuse.security:def:57487	P	Security update for cpio (Important)	2021-08-14
oval:org.opensuse.security:def:83437	P	Security update for cpio (Important)	2021-08-14
oval:org.opensuse.security:def:30230	P	Security update for cpio (Important)	2021-08-14
oval:org.opensuse.security:def:89175	P	Security update for cpio (Important)	2021-08-14
oval:org.opensuse.security:def:127148	P	Security update for cpio (Important)	2021-08-14
oval:org.opensuse.security:def:58799	P	Security update for cpio (Important)	2021-08-14
oval:org.opensuse.security:def:84649	P	Security update for cpio (Important)	2021-08-14
oval:org.opensuse.security:def:31664	P	Security update for cpio (Important)	2021-08-14
oval:org.opensuse.security:def:59778	P	Security update for cpio (Important)	2021-08-14
oval:org.opensuse.security:def:86128	P	Security update for cpio (Important)	2021-08-14
oval:org.opensuse.security:def:32976	P	Security update for cpio (Important)	2021-08-14
oval:org.opensuse.security:def:55933	P	Security update for cpio (Important)	2021-08-14
oval:org.opensuse.security:def:44500	P	Security update for cpio (Important)	2021-08-12
oval:org.opensuse.security:def:38106	P	Security update for cpio (Important)	2021-08-12
oval:org.opensuse.security:def:40070	P	Security update for cpio (Important)	2021-08-12
oval:org.opensuse.security:def:43199	P	Security update for cpio (Important)	2021-08-12
oval:org.opensuse.security:def:45665	P	Security update for cpio (Important)	2021-08-12
oval:org.opensuse.security:def:38769	P	Security update for cpio (Important)	2021-08-12
oval:org.opensuse.security:def:41235	P	Security update for cpio (Important)	2021-08-12

BACK