Amazon Linux 2023 : libsolv, libsolv-demo, libsolv-devel (ALAS2023-2026-1798)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1798 advisory. A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when copying EdDSA 's' MPI into a stack buffe...

Libsolv: heap buffer overflow in libsolv repo_add_solv via negative maxsize from crafted .solv file

...

libsolv: heap-based buffer overflow in pool_installable_whatprovides() in src/repo.h

A flaw was found in libsolv. A buffer overflow vulnerability in the poolinstallablewhatprovides function allows attackers to cause a denial of service. The highest threat from this vulnerability is to system availability...

libsolv: heap-based buffer overflow in prune_to_recommended() in src/policy.c

A flaw was found in libsolv. A buffer overflow vulnerability in the prunetorecommend function allows attackers to cause a denial of service. The highest threat from this vulnerability is to system availability...