Note:
This project will be discontinued after December 13, 2021. [more]
2018-12-28
There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. NOTE: third parties dispute this issue stating that the issue affects the test suite and not the underlying library. It cannot be exploited in any real-world application
| Products | Ubuntu_linux, Libsolv |
| Type | Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) |
| First patch | - None (likely due to unavailable code) |
| Patches | https://github.com/openSUSE/libsolv/pull/291 |
| Links |
• http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00057.html
• https://access.redhat.com/errata/RHSA-2019:2290 • https://usn.ubuntu.com/3916-1/ • https://bugzilla.redhat.com/show_bug.cgi?id=1652604 • https://access.redhat.com/errata/RHSA-2019:3583 |