OpensuseLibsolv

13 matches found

added 2021/05/18 4:14 p.m., 219 views

CVE-2021-3200

CVE-2021-3200 is a buffer overflow in libsolv (2020-12-13 solver testcase_read path) that could cause a denial of service. The vulnerability affects libsolv components handling Testcase reads and causes memory overflow when input size exceeds destination buffer. Connected IBM bulletin entries als...

CVSS 4.3 | AI score 4.4 | EPSS 0.01313

added 2018/12/28 3:0 a.m., 205 views

CVE-2018-20534

CVE-2018-20534 refers to an illegal address access in libsolv.a (libsolv) in versions up to 0.7.2, which the sources describe as causing a denial of service. The issue is echoed across multiple advisories (e.g., Ubuntu USN-4851, Oracle Linux ELSA, AlmaLinux ALSA) and is noted in some entries as d...

CVSS 6.5 | AI score 6.3 | EPSS 0.0233

added 2018/12/28 3:0 a.m., 193 views

CVE-2018-20532

CVE-2018-20532 describes a NULL pointer dereference in libsolv, specifically in ext/testcase.c (function testcase_read) of libsolv until version 0.7.2, which can lead to a denial of service. The connected advisories from MiracleLinux, Ubuntu USN-4851-1, Oracle Linux ELSA-2019-2290, and others ind...

CVSS 6.5 | AI score 6.3 | EPSS 0.02146

added 2020/01/21 10:54 p.m., 180 views

CVE-2019-20387

CVE-2019-20387: heap-based buffer over-read in repodata_schema2id() of libsolv (repodata.c) causing potential crash. Affected: Cloud Pak for Security (CP4S) versions 1.8.1.0, 1.8.0.0, 1.7.2.0. Root cause: last schema length shorter than input schema leading to over-read. Remediation: upgrade to C...

CVSS 7.5 | AI score 7.4 | EPSS 0.02338

added 2018/12/28 3:0 a.m., 163 views

CVE-2018-20533

CVE-2018-20533 is a NULL pointer dereference vulnerability in libsolvext.a (libsolv) affecting libsolv up to version 0.7.2, specifically in ext/testcase.c (testcase_str2dep_complex). Exploitation context and affected packages are evidenced across multiple advisories and Nessus plugins (e.g., Orac...

CVSS 6.5 | AI score 6.3 | EPSS 0.02164

added 2021/09/02 2:58 p.m., 154 views

CVE-2021-33929

CVE-2021-33929 describes a buffer-overflow vulnerability in libsolv’s pool_disabled_solvable path (src/repo.h) that can trigger a Denial of Service. Affected is libsolv versions before 0.7.17; the root cause is an out-of-bounds write in pool_disabled_solvable, leading to DoS under crafted input. IB...

CVSS 7.5 | AI score 7.3 | EPSS 0.01441

added 2021/09/02 2:58 p.m., 152 views

CVE-2021-33928

CVE-2021-33928 is a buffer overflow in libsolv (function pool_installable in src/repo.h) that allows Denial of Service via out-of-bounds writes in libsolv versions before 0.7.17. The connected IBM bulletin entries corroborate multiple libsolv CVEs in a vendor context, but the specific entry detai...

CVSS 7.5 | AI score 7.3 | EPSS 0.01462

added 2021/09/02 2:58 p.m., 152 views

CVE-2021-33938

CVE-2021-33938 is a buffer/heap-related Denial of Service in libsolv (prune_to_recommended in src/policy.c) where versions before 0.7.17 are affected. The flaw lies in the prune_to_recommended path and could be exploited to cause a DoS. Affected software is libsol...

CVSS 7.5 | AI score 7.3 | EPSS 0.01422

added 2021/09/02 2:58 p.m., 151 views

CVE-2021-33930

CVE-2021-33930 is a buffer overflow/DoS vulnerability in libsolv, specifically in pool_installable_whatprovides within src/repo.h, affecting libsolv before 0.7.17. The IBM security bulletins enumerate this and related CVEs (CVE-2021-33928/33929) under IBM Cloud Pak for Business Automation/AIOps, ...

CVSS 7.5 | AI score 7.3 | EPSS 0.01462

added 2022/02/21 5:38 p.m., 146 views

CVE-2021-44568

CVE-2021-44568 describes two heap-overflow vulnerabilities in openSUSE/libsolv/libsolv that could allow an attacker to cause a remote Denial of Service via the decisionmap/resolve_dependencies path in libsolv. The connected IBM/Red Hat/NCSC/Nessus entries corroborate the issue and reference affec...

CVSS 6.5 | AI score 6.7 | EPSS 0.01767

added 2026/05/26 4:16 p.m., 63 views

CVE-2026-48864

CVE-2026-48864 affects libsolv. The issue is a heap buffer overflow during decompression of attacker-controlled data in .solv files, caused by insufficient input validation in repopagestore. This can lead to out-of-bounds memory access with potential information disclosure, alteration of program ...

CVSS 7.8 | AI score 5.9 | EPSS 0.00205

added 2026/05/20 11:7 p.m., 31 views

CVE-2026-9150

Libsolv contains a stack-based buffer overflow in the Debian metadata parser when processing specially crafted Debian repository metadata. The vulnerability is triggered by malicious SHA384/SHA512 checksum tags, causing memory corruption and a denial of service. Affected component: libsolv’s Debi...

CVSS 6.5 | AI score 6.1 | EPSS 0.00399

added 2026/05/20 11:34 p.m., 30 views

CVE-2026-9149

The CVE-2026-9149 entry describes a heap buffer overflow in libsolv, triggered when processing a crafted .solv file that contains negative size values fed to the repo_add_solv function. This results in an undersized allocation followed by an out-of-bounds write, enabling a potential denial of ser...

CVSS 6.5 | AI score 5.9 | EPSS 0.00291