{
  "threat_severity" : "Moderate",
  "public_date" : "2020-11-19T00:00:00Z",
  "bugzilla" : {
    "description" : "edk2: possible heap corruption with LzmaUefiDecompressGetInfo",
    "id" : "1883529",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1883529"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.7",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-120",
  "details" : [ "A heap overflow in LzmaUefiDecompressGetInfo function in EDK II.", "A flaw was found in edk2. A possible heap corruption in LzmaUefiDecompressGetInfo function may allow an attacker to execute code on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2021-06-29T00:00:00Z",
    "advisory" : "RHSA-2021:2591",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "edk2-0:20200602gitca407c7246bf-4.el8_4.1"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "ovmf",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "edk2",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2021-28211\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-28211" ],
  "name" : "CVE-2021-28211",
  "csaw" : false
}