ID CVE-2018-20532
Summary There is a NULL pointer dereference at ext/testcase.c (function testcase_read) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service.
References
Vulnerable Configurations
  • cpe:2.3:a:opensuse:libsolv:0.6.4:*:*:*:*:*:*:*
    cpe:2.3:a:opensuse:libsolv:0.6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:opensuse:libsolv:0.6.5:*:*:*:*:*:*:*
    cpe:2.3:a:opensuse:libsolv:0.6.5:*:*:*:*:*:*:*
  • cpe:2.3:a:opensuse:libsolv:0.6.6:*:*:*:*:*:*:*
    cpe:2.3:a:opensuse:libsolv:0.6.6:*:*:*:*:*:*:*
  • cpe:2.3:a:opensuse:libsolv:0.6.7:*:*:*:*:*:*:*
    cpe:2.3:a:opensuse:libsolv:0.6.7:*:*:*:*:*:*:*
  • cpe:2.3:a:opensuse:libsolv:0.6.8:*:*:*:*:*:*:*
    cpe:2.3:a:opensuse:libsolv:0.6.8:*:*:*:*:*:*:*
  • cpe:2.3:a:opensuse:libsolv:0.6.9:*:*:*:*:*:*:*
    cpe:2.3:a:opensuse:libsolv:0.6.9:*:*:*:*:*:*:*
  • cpe:2.3:a:opensuse:libsolv:0.6.10:*:*:*:*:*:*:*
    cpe:2.3:a:opensuse:libsolv:0.6.10:*:*:*:*:*:*:*
  • cpe:2.3:a:opensuse:libsolv:0.6.11:*:*:*:*:*:*:*
    cpe:2.3:a:opensuse:libsolv:0.6.11:*:*:*:*:*:*:*
  • cpe:2.3:a:opensuse:libsolv:0.6.12:*:*:*:*:*:*:*
    cpe:2.3:a:opensuse:libsolv:0.6.12:*:*:*:*:*:*:*
  • cpe:2.3:a:opensuse:libsolv:0.6.13:*:*:*:*:*:*:*
    cpe:2.3:a:opensuse:libsolv:0.6.13:*:*:*:*:*:*:*
  • cpe:2.3:a:opensuse:libsolv:0.6.14:*:*:*:*:*:*:*
    cpe:2.3:a:opensuse:libsolv:0.6.14:*:*:*:*:*:*:*
  • cpe:2.3:a:opensuse:libsolv:0.6.15:*:*:*:*:*:*:*
    cpe:2.3:a:opensuse:libsolv:0.6.15:*:*:*:*:*:*:*
  • cpe:2.3:a:opensuse:libsolv:0.6.16:*:*:*:*:*:*:*
    cpe:2.3:a:opensuse:libsolv:0.6.16:*:*:*:*:*:*:*
  • cpe:2.3:a:opensuse:libsolv:0.6.17:*:*:*:*:*:*:*
    cpe:2.3:a:opensuse:libsolv:0.6.17:*:*:*:*:*:*:*
  • cpe:2.3:a:opensuse:libsolv:0.6.18:*:*:*:*:*:*:*
    cpe:2.3:a:opensuse:libsolv:0.6.18:*:*:*:*:*:*:*
  • cpe:2.3:a:opensuse:libsolv:0.6.19:*:*:*:*:*:*:*
    cpe:2.3:a:opensuse:libsolv:0.6.19:*:*:*:*:*:*:*
  • cpe:2.3:a:opensuse:libsolv:0.6.20:*:*:*:*:*:*:*
    cpe:2.3:a:opensuse:libsolv:0.6.20:*:*:*:*:*:*:*
  • cpe:2.3:a:opensuse:libsolv:0.6.21:*:*:*:*:*:*:*
    cpe:2.3:a:opensuse:libsolv:0.6.21:*:*:*:*:*:*:*
  • cpe:2.3:a:opensuse:libsolv:0.6.22:*:*:*:*:*:*:*
    cpe:2.3:a:opensuse:libsolv:0.6.22:*:*:*:*:*:*:*
  • cpe:2.3:a:opensuse:libsolv:0.6.23:*:*:*:*:*:*:*
    cpe:2.3:a:opensuse:libsolv:0.6.23:*:*:*:*:*:*:*
  • cpe:2.3:a:opensuse:libsolv:0.6.24:*:*:*:*:*:*:*
    cpe:2.3:a:opensuse:libsolv:0.6.24:*:*:*:*:*:*:*
  • cpe:2.3:a:opensuse:libsolv:0.6.25:*:*:*:*:*:*:*
    cpe:2.3:a:opensuse:libsolv:0.6.25:*:*:*:*:*:*:*
  • cpe:2.3:a:opensuse:libsolv:0.6.26:*:*:*:*:*:*:*
    cpe:2.3:a:opensuse:libsolv:0.6.26:*:*:*:*:*:*:*
  • cpe:2.3:a:opensuse:libsolv:0.6.27:*:*:*:*:*:*:*
    cpe:2.3:a:opensuse:libsolv:0.6.27:*:*:*:*:*:*:*
  • cpe:2.3:a:opensuse:libsolv:0.6.28:*:*:*:*:*:*:*
    cpe:2.3:a:opensuse:libsolv:0.6.28:*:*:*:*:*:*:*
  • cpe:2.3:a:opensuse:libsolv:0.6.29:*:*:*:*:*:*:*
    cpe:2.3:a:opensuse:libsolv:0.6.29:*:*:*:*:*:*:*
  • cpe:2.3:a:opensuse:libsolv:0.6.30:*:*:*:*:*:*:*
    cpe:2.3:a:opensuse:libsolv:0.6.30:*:*:*:*:*:*:*
  • cpe:2.3:a:opensuse:libsolv:0.6.31:*:*:*:*:*:*:*
    cpe:2.3:a:opensuse:libsolv:0.6.31:*:*:*:*:*:*:*
  • cpe:2.3:a:opensuse:libsolv:0.6.32:*:*:*:*:*:*:*
    cpe:2.3:a:opensuse:libsolv:0.6.32:*:*:*:*:*:*:*
  • cpe:2.3:a:opensuse:libsolv:0.6.33:*:*:*:*:*:*:*
    cpe:2.3:a:opensuse:libsolv:0.6.33:*:*:*:*:*:*:*
  • cpe:2.3:a:opensuse:libsolv:0.6.34:*:*:*:*:*:*:*
    cpe:2.3:a:opensuse:libsolv:0.6.34:*:*:*:*:*:*:*
  • cpe:2.3:a:opensuse:libsolv:0.6.35:*:*:*:*:*:*:*
    cpe:2.3:a:opensuse:libsolv:0.6.35:*:*:*:*:*:*:*
  • cpe:2.3:a:opensuse:libsolv:0.6.36:*:*:*:*:*:*:*
    cpe:2.3:a:opensuse:libsolv:0.6.36:*:*:*:*:*:*:*
  • cpe:2.3:a:opensuse:libsolv:0.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:opensuse:libsolv:0.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:opensuse:libsolv:0.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:opensuse:libsolv:0.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:opensuse:libsolv:0.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:opensuse:libsolv:0.7.2:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 06-08-2019 - 17:15)
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
redhat via4
advisories
rhsa
id RHSA-2019:2290
rpms
  • libsolv-0:0.6.34-4.el7
  • libsolv-debuginfo-0:0.6.34-4.el7
  • libsolv-demo-0:0.6.34-4.el7
  • libsolv-devel-0:0.6.34-4.el7
  • libsolv-tools-0:0.6.34-4.el7
  • python2-solv-0:0.6.34-4.el7
refmap via4
misc
suse openSUSE-SU-2019:1927
ubuntu USN-3916-1
Last major update 06-08-2019 - 17:15
Published 28-12-2018 - 16:29
Last modified 06-08-2019 - 17:15
Back to Top