Description
Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv through 13 Dec 2020 in the decisionmap variable via the resolve_dependencies function at src/solver.c (line 1940 & line 1995), which could cause a remote Denial of Service.
A buffer over-read flaw was found in the test case reader in libsolv that created multiple out-of-bounds read symptoms. Depending on how client applications use libsolv, this flaw leads to a denial of service of the application if an attacker can supply crafted input to the test case reader.
Statement
This flaw has been marked as Low impact because it is in the test case reader and is an out-of-bounds read. This issue is related to an already fixed issue (https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec) that is part of libsolv-0.7.17. RHEL-8.6.z and above, and RHEL-9, ship versions of libsolv greater than 0.7.17. Hence, as the flaw has Low security impact, Red Hat Enterprise Linux 8 and 9 are set to not affected. However, RHEL-8 streams that ship libsolv versions prior to 0.7.17 are still affected. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and the Red Hat Enterprise Linux Life Cycle & Updates Policy: https://access.redhat.com/support/policy/updates/errata/.
Affected packages
| Platform | Package | State | Errata | Release date |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | libsolv | Out of support scope | | |
| Red Hat Enterprise Linux 8 | libsolv | Not affected | | |
| Red Hat Enterprise Linux 9 | libsolv | Not affected | | |
| Red Hat Update Infrastructure 3 for Cloud Providers | libsolv | Will not fix | | |
| Red Hat Satellite 6.11 for RHEL 7 | libsolv | Fixed | RHSA-2022:5498 | 05.07.2022 |
| Red Hat Satellite 6.11 for RHEL 8 | libsolv | Fixed | RHSA-2022:5498 | 05.07.2022 |
Additional information
Status:
EPSS
6.3 Medium
CVSS3
Related vulnerabilities
Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv through 13 Dec 2020 in the decisionmap variable via the resolve_dependencies function at src/solver.c (line 1940 & line 1995), which could cause a remote Denial of Service.
Vulnerability in the resolve_dependencies function of the libsolv library allowing an attacker to cause a denial of service