{"id":"CVE-2021-35939","details":"It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.","modified":"2026-04-10T08:07:48.868812Z","published":"2022-08-26T16:15:08.683Z","related":["ALSA-2024:0463","ALSA-2024:0647","openSUSE-SU-2024:12562-1"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2021-35939"},{"type":"ADVISORY","url":"https://rpm.org/wiki/Releases/4.18.0"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202210-22"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1964129"},{"type":"FIX","url":"https://github.com/rpm-software-management/rpm/commit/96ec957e281220f8e137a2d5eb23b83a6377d556"},{"type":"FIX","url":"https://github.com/rpm-software-management/rpm/pull/1919"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/rpm-software-management/rpm","events":[{"introduced":"0"},{"fixed":"ea0d77c52e176e2876fdb1d07ad41e9e2635a93e"},{"fixed":"96ec957e281220f8e137a2d5eb23b83a6377d556"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"4.18"}]}}],"versions":["rpm-4.11.0-alpha","rpm-4.12.0-alpha","rpm-4.13.0-alpha","rpm-4.15.0-alpha","rpm-4.16.0-alpha","rpm-4.17.0-alpha","rpm-4.18.0-alpha1","rpm-4.18.0-alpha2","rpm-4.18.0-beta1","rpm-4.18.0-rc1","rpm-4.4-release","rpm-4.4.1-release","rpm-4.4.2-release","rpm-4.4.2.1-rc1","rpm-4.4.2.1-rc2","rpm-4.8.0-beta1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-35939.json","vanir_signatures_modified":"2026-04-10T08:07:48Z","vanir_signatures":[{"deprecated":false,"digest":{"function_hash":"51856694465730866450330405833723620433","length":342},"source":"https://github.com/rpm-software-management/rpm/commit/96ec957e281220f8e137a2d5eb23b83a6377d556","signature_version":"v1","id":"CVE-2021-35939-1956640a","target":{"function":"fsmMkdir","file":"lib/fsm.c"},"signature_type":"Function"},{"deprecated":false,"digest":{"function_hash":"186034111476049186295300829892025012098","length":1385},"source":"https://github.com/rpm-software-management/rpm/commit/96ec957e281220f8e137a2d5eb23b83a6377d556","signature_version":"v1","id":"CVE-2021-35939-92eaef60","target":{"function":"fsmMkdirs","file":"lib/fsm.c"},"signature_type":"Function"},{"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["154644994441887861360596271520169850884","175152149572366683436651911034386904602","119096473066062126113532352468298658264","25701670050406071112891284538584764463","261673059063099402387109901133705588583","256059668845387079798019009302741893469","19321468217791743603870007706489142571","187438108327857256392028504288385847541","103918263139658266359659253390788510811","150941521499088497925333547599528997896","283948074742624875513857873242787832039","255006609071866433702441091947630269594","323137001026592880068027188476784156146","150931235151849979024299347001094434440","252780761503720508236924016421339661105","306486012318275614874420375777983004823","81147660838892119558011752561765380636","37797368656939761556918185850484712971","180172825599815570140813602814305065781","98514788840922419558881610077720269328","17271428397838605878717237933182815319","136485476269083097183459722610403416873","177340075446683085766489488654292829106","30099617839478745811027949631861677731","114474637711227907794265604611036663062","19758600002095258949316930507367743926","51981754815234216761562766790361244109","314337829508032493075624335776805589329","106389535289211416977866438085381885635","262111582687733395837305764171379122112","47211532644488802689508623263915291357","123990790715856384943520816804110341608","33648731061743324655975397418963000241","91105230833402031625430458487020752614","162792721992481528839006550469104190598","277472717077857046886642537857922451993","163972938749664446231861700577244659944","219564738707654954082414494462882481818","200380991837978245483462706612671581742","74060363666841549345116399017296616347","146778608273975846262152467477418034100","171186788299548222697400784015004250081","96592579453297897904035690341527078532","16505914781300497045734244258737962600","285396548986910663191192016704370084766","70103649481855858505866411847677118660","302217269603846422509190067178406842050","39964777620690388546747779587034311530"]},"source":"https://github.com/rpm-software-management/rpm/commit/96ec957e281220f8e137a2d5eb23b83a6377d556","signature_version":"v1","id":"CVE-2021-35939-acb47abe","target":{"file":"lib/fsm.c"},"signature_type":"Line"},{"deprecated":false,"digest":{"function_hash":"152832777518386822551335769201256915448","length":4983},"source":"https://github.com/rpm-software-management/rpm/commit/96ec957e281220f8e137a2d5eb23b83a6377d556","signature_version":"v1","id":"CVE-2021-35939-dd9ca3d6","target":{"function":"rpmPackageFilesInstall","file":"lib/fsm.c"},"signature_type":"Function"}],"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}]}