13 matches found
CVE-2021-3200
CVE-2021-3200 is a buffer overflow in libsolv (2020-12-13 solver testcase_read path) that could cause a denial of service. The vulnerability affects libsolv components handling Testcase reads and causes memory overflow when input size exceeds destination buffer. Connected IBM bulletin entries als...
CVE-2018-20534
CVE-2018-20534 refers to an illegal address access in libsolv.a (libsolv) in versions up to 0.7.2, which the sources describe as causing a denial of service. The issue is echoed across multiple advisories (e.g., Ubuntu USN-4851, Oracle Linux ELSA, AlmaLinux ALSA) and is noted in some entries as d...
CVE-2018-20532
CVE-2018-20532 describes a NULL pointer dereference in libsolv, specifically in ext/testcase.c (function testcase_read) of libsolv until version 0.7.2, which can lead to a denial of service. The connected advisories from MiracleLinux, Ubuntu USN-4851-1, Oracle Linux ELSA-2019-2290, and others ind...
CVE-2019-20387
CVE-2019-20387: heap-based buffer over-read in repodata_schema2id() of libsolv (repodata.c) causing potential crash. Affected: Cloud Pak for Security (CP4S) versions 1.8.1.0, 1.8.0.0, 1.7.2.0. Root cause: last schema length shorter than input schema leading to over-read. Remediation: upgrade to C...
CVE-2018-20533
CVE-2018-20533 is a NULL pointer dereference vulnerability in libsolvext.a (libsolv) affecting libsolv up to version 0.7.2, specifically in ext/testcase.c (testcase_str2dep_complex). Exploitation context and affected packages are evidenced across multiple advisories and Nessus plugins (e.g., Orac...
CVE-2021-33929
CVE-2021-33929 describes a buffer-overflow vulnerability in libsolv’s pool_disabled_solvable path (src/repo.h) that can trigger a Denial of Service. Affected are libsolv versions before 0.7.17; the root cause is an out-of-bounds write in pool_disabled_solvable, leading to DoS under crafted input. IB...
CVE-2021-33930
CVE-2021-33930 is a buffer overflow/DoS vulnerability in libsolv, specifically in pool_installable_whatprovides within src/repo.h, affecting libsolv before 0.7.17. The IBM security bulletins enumerate this and related CVEs (CVE-2021-33928/33929) under IBM Cloud Pak for Business Automation/AIOps, ...
CVE-2021-33928
CVE-2021-33928 is a buffer overflow in libsolv (function pool_installable in src/repo.h) that allows Denial of Service via out-of-bounds writes in libsolv versions before 0.7.17. The connected IBM bulletin entries corroborate multiple libsolv CVEs in a vendor context, but the specific entry detai...
CVE-2021-33938
CVE-2021-33938 is a buffer/heap-related Denial of Service in libsolv (prune_to_recommended in src/policy.c) where versions before 0.7.17 are affected. The vulnerability lies in the prune_to_recommended path and could be exploited to cause a DoS. Affected software is libsol...
CVE-2021-44568
CVE-2021-44568 describes two heap-overflow vulnerabilities in openSUSE/libsolv/libsolv that could allow an attacker to cause a remote Denial of Service via the decisionmap/resolve_dependencies path in libsolv. The connected IBM/Red Hat/NCSC/Nessus entries corroborate the issue and reference affec...
CVE-2026-48864
CVE-2026-48864 affects libsolv. The issue is a heap buffer overflow during decompression of attacker-controlled data in .solv files, caused by insufficient input validation in repopagestore. This can lead to out-of-bounds memory access with potential information disclosure, alteration of program ...
CVE-2026-9150
Libsolv contains a stack-based buffer overflow in the Debian metadata parser when processing specially crafted Debian repository metadata. The vulnerability is triggered by malicious SHA384/SHA512 checksum tags, causing memory corruption and a denial of service. Affected component: libsolv’s Debi...
CVE-2026-9149
The CVE-2026-9149 entry describes a heap buffer overflow in libsolv, triggered when processing a crafted .solv file that contains negative size values fed to the repo_add_solv function. This results in an undersized allocation followed by an out-of-bounds write, enabling a potential denial of ser...