How severe is CVE-2016-20021?

CVE-2016-20021 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2016-20021

Name: portage
Author: gentoo

9.8CRITICAL

In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. Unless emerge-we

게시됨: 1/12/2024업데이트됨: 6/3/2025

설명

In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. Unless emerge-webrsync is used, Portage is not vulnerable.

AI 분석AI 기반

영향받는 제품

gentooportage

참조

https://bugs.gentoo.org/597800
Issue TrackingPatch
https://gitweb.gentoo.org/proj/portage.git/tree/NEWS
Release Notes
https://wiki.gentoo.org/wiki/Portage
Product
https://bugs.gentoo.org/597800
Issue TrackingPatch
https://gitweb.gentoo.org/proj/portage.git/tree/NEWS
Release Notes
https://wiki.gentoo.org/wiki/Portage
Product