Описание
Two heap-overflow vulnerabilities exists in openSUSE libsolv through 13 Dec 2020 in the makeruledecisions function at src/solver.c: line 147 and 307.
Two heap-overflow vulnerabilities exists in openSUSE libsolv through 13 Dec 2020 in the makeruledecisions function at src/solver.c: line 147 and 307.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2021-44575
- https://github.com/openSUSE/libsolv/issues/427
- https://github.com/yangjiageng/PoC/blob/master/libsolv-PoCs/makeruledecisions-307
- https://github.com/yangjiageng/PoC/blob/master/libsolv-PoCs/makeruledecisions_147
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XVLRHB6CUX3SHYOIGVUQNWAOW5JYANWH
Связанные уязвимости
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-3200 Reason: This candidate is a duplicate of CVE-2021-3200. Notes: All CVE users should reference CVE-2021-3200 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
[REJECTED CVE] Two heap-overflow vulnerabilities exists in openSUSE libsolv through 13 Dec 2020 in the makeruledecisions function at src/solver.c: line 147 and 307.
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-3200 Reason: This candidate is a duplicate of CVE-2021-3200. Notes: All CVE users should reference CVE-2021-3200 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage