CVE-2021-3200

Published: 13 Dec 2020
Source: redhat
CVSS3: 3.3
EPSS: Low

Description

Buffer overflow vulnerability in libsolv 2020-12-13 via the Solver * testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **resultp, int *resultflagsp) function at src/testcase.c: line 2334, which could cause a denial of service.

A flaw was found in libsolv. A buffer overflow vulnerability could cause a denial of service. The highest threat from this vulnerability is to system availability.

Statement

It is not clear how this flaw could cause denial of service in most practical situations in general, and it is not the case in Red Hat Enterprise Linux package management, therefore we have lowered the Impact to Low. This is due to the fact that it is a small out of bounds read triggered by the testsolv program in the code used to evaluate testcases: https://github.com/openSUSE/libsolv/blob/master/doc/testsolv.txt

Red Hat Update Infrastructure 3.1 is in the maintenance phase and we will not be fixing Medium/Low impact security bugs. Reference: https://access.redhat.com/support/policy/updates/rhui

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Ansible Automation Platform 1.2 | libsolv | Affected | | |
| Red Hat Enterprise Linux 7 | libsolv | Out of support scope | | |
| Red Hat Enterprise Linux 9 | libsolv | Not affected | | |
| Red Hat Update Infrastructure 3 for Cloud Providers | libsolv | Will not fix | | |
| Red Hat Enterprise Linux 8 | libsolv | Fixed | RHSA-2021:4408 | 09.11.2021 |
| Red Hat Satellite 6.11 for RHEL 7 | libsolv | Fixed | RHSA-2022:5498 | 05.07.2022 |
| Red Hat Satellite 6.11 for RHEL 8 | libsolv | Fixed | RHSA-2022:5498 | 05.07.2022 |

Additional information

Status: Low
Defect: CWE-20->CWE-125
Bugzilla: libsolv: heap-based buffer overflow in testcase_read() in src/testcase.c
https://bugzilla.redhat.com/show_bug.cgi?id=1962307

EPSS: 0.00045 (percentile: 14%), Low
CVSS3: 3.3 Low

Related vulnerabilities

CVSS3: 3.3
ubuntu
more than 4 years ago

Buffer overflow vulnerability in libsolv 2020-12-13 via the Solver * testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **resultp, int *resultflagsp) function at src/testcase.c: line 2334, which could cause a denial of service.

CVSS3: 3.3
nvd
more than 4 years ago

Buffer overflow vulnerability in libsolv 2020-12-13 via the Solver * testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **resultp, int *resultflagsp) function at src/testcase.c: line 2334, which could cause a denial of service.

CVSS3: 3.3
msrc
more than 4 years ago

Buffer overflow vulnerability in libsolv 2020-12-13 via the Solver * testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **resultp, int *resultflagsp) function at src/testcase.c: line 2334, which could cause a denial of service.

CVSS3: 3.3
debian
more than 4 years ago

Buffer overflow vulnerability in libsolv 2020-12-13 via the Solver * t ...

rocky
about 4 years ago

Low: libsolv security and bug fix update
