How severe is CVE-2016-20021?

CVE-2016-20021 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2016-20021

Name: portage
Author: gentoo

9.8CRITICAL

In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. Unless emerge-we

公開日: 1/12/2024更新日: 6/3/2025

説明

In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. Unless emerge-webrsync is used, Portage is not vulnerable.

AI分析AIによる分析

影響を受ける製品

gentooportage

参照

https://bugs.gentoo.org/597800
Issue TrackingPatch
https://gitweb.gentoo.org/proj/portage.git/tree/NEWS
Release Notes
https://wiki.gentoo.org/wiki/Portage
Product
https://bugs.gentoo.org/597800
Issue TrackingPatch
https://gitweb.gentoo.org/proj/portage.git/tree/NEWS
Release Notes
https://wiki.gentoo.org/wiki/Portage
Product