TROYANOSYVIRUS
Voltar para CVEs

CVE-2021-25636

HIGH
7.5

Descricao

LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally signed ODF document, by manipulating the documentsignatures.xml or macrosignatures.xml stream within the document to contain both "X509Data" and "KeyValue" children of the "KeyInfo" tag, which when opened caused LibreOffice to verify using the "KeyValue" but to report verification with the unrelated "X509Data" value. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.5.

Detalhes CVE

Pontuacao CVSS v3.17.5
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado2/24/2022
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0

Produtos afetados

fedoraproject:fedoralibreoffice:libreoffice

Fraquezas (CWE)

CWE-347CWE-295

Referencias

https://lists.debian.org/debian-lts-announce/2023/03/msg00022.html(security@documentfoundation.org)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NE6UIBCPZWRBWPSEGJOPNWPPT3CCMVH2/(security@documentfoundation.org)
https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25636/(security@documentfoundation.org)
https://lists.debian.org/debian-lts-announce/2023/03/msg00022.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NE6UIBCPZWRBWPSEGJOPNWPPT3CCMVH2/(af854a3a-2127-422b-91ae-364da2661108)
https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25636/(af854a3a-2127-422b-91ae-364da2661108)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.