libsolv.so is vulnerable to denial of service (DoS) attacks. A remote attacker is able to cause heap-based buffer overflow in `resolve_weak` function in `src/solver.c` resulting in a system crash.
{"id": "VERACODE:34342", "vendorId": null, "type": "veracode", "bulletinFamily": "software", "title": "Denial Of Service (DoS)", "description": "libsolv.so is vulnerable to denial of service (DoS) attacks. A remote attacker is able to cause heap-based buffer overflow in `resolve_weak` function in `src/solver.c` resulting in a system crash.\n", "published": "2022-02-22T07:54:22", "modified": "2022-06-13T18:20:30", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-34342/summary", "reporter": "Veracode Vulnerability Database", "references": ["https://github.com/openSUSE/libsolv/issues/426", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XVLRHB6CUX3SHYOIGVUQNWAOW5JYANWH/", "https://github.com/yangjiageng/PoC/blob/master/libsolv-PoCs/resolve_weak-2222", "https://github.com/yangjiageng/PoC/blob/master/libsolv-PoCs/resolve_weak-2249"], "cvelist": ["CVE-2021-44576"], "immutableFields": [], "lastseen": "2022-06-18T08:16:37", "viewCount": 28, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-44576"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-44576"]}, {"type": "fedora", "idList": ["FEDORA:95A3E30957D2"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-44576"]}]}, "affected_software": {"major_version": [{"name": "libsolv.so", "version": 1}, {"name": "libsolv.so", "version": 0}, {"name": "libsolv.so", "version": 1}, {"name": "libsolv.so", "version": 0}]}, "vulnersScore": 5.0}, "_state": {"score": 1660008085, "dependencies": 1660004461, "affected_software_major_version": 1666695388}, "_internal": {"score_hash": "8b1e55593872bd03901914d96153e894"}, "affectedSoftware": [{"version": "1", "operator": "le", "name": "libsolv.so"}, {"version": "0", "operator": "ge", "name": "libsolv.so"}, {"version": "1", "operator": "le", "name": "libsolv.so"}, {"version": "0", "operator": "ge", "name": "libsolv.so"}]}
{"cnvd": [{"lastseen": "2022-08-27T04:59:37", "description": "libsolv is a library for checking package dependencies. libsolv is vulnerable to a heap overflow vulnerability, which stems from the existence of two memory vulnerabilities in libsolv located in the resolve_weak function in src/solver.c. No detailed vulnerability details are currently available.", "cvss3": {}, "published": "2022-02-23T00:00:00", "type": "cnvd", "title": "libsolv Heap Overflow Vulnerability (CNVD-2022-15951)", "bulletinFamily": "cnvd", "cvss2": {}, "cvelist": ["CVE-2021-44576"], "modified": "2022-03-02T00:00:00", "id": "CNVD-2022-15951", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2022-15951", "cvss": {"score": 0.0, "vector": "NONE"}}], "debiancve": [{"lastseen": "2022-06-13T22:00:46", "description": "Two memory vulnerabilities exists in openSUSE libsolv through 13 Dec 2020 in the resolve_weak function at src/solver.c: line 2222 and 2249.", "cvss3": {}, "published": "2022-02-21T20:15:00", "type": "debiancve", "title": "CVE-2021-44576", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-44576"], "modified": "2022-02-21T20:15:00", "id": "DEBIANCVE:CVE-2021-44576", "href": "https://security-tracker.debian.org/tracker/CVE-2021-44576", "cvss": {"score": 0.0, "vector": "NONE"}}], "redhatcve": [{"lastseen": "2022-11-03T17:47:24", "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-3200 Reason: This candidate is a duplicate of CVE-2021-3200. Notes: All CVE users should reference CVE-2021-3200 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2022-02-22T04:46:51", "type": "redhatcve", "title": "CVE-2021-44576", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3200", "CVE-2021-44576"], "modified": "2022-11-03T12:35:40", "id": "RH:CVE-2021-44576", "href": "https://access.redhat.com/security/cve/cve-2021-44576", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2022-06-13T19:08:02", "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-3200 Reason: This candidate is a duplicate of CVE-2021-3200. Notes: All CVE users should reference CVE-2021-3200 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.", "cvss3": {}, "published": "2022-02-21T20:15:00", "type": "cve", "title": "CVE-2021-44576", "cwe": [], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2021-3200", "CVE-2021-44576"], "modified": "2022-06-13T17:15:00", "cpe": [], "id": "CVE-2021-44576", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44576", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": []}], "fedora": [{"lastseen": "2022-06-13T19:10:45", "description": "A free package dependency solver using a satisfiability algorithm. The library is based on two major, but independent, blocks: - Using a dictionary approach to store and retrieve package and dependency information. - Using satisfiability, a well known and researched topic, for resolving package dependencies. ", "cvss3": {}, "published": "2022-03-01T15:05:49", "type": "fedora", "title": "[SECURITY] Fedora 35 Update: libsolv-0.7.21-1.fc35", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2021-44569", "CVE-2021-44570", "CVE-2021-44571", "CVE-2021-44573", "CVE-2021-44574", "CVE-2021-44575", "CVE-2021-44576", "CVE-2021-44577"], "modified": "2022-03-01T15:05:49", "id": "FEDORA:95A3E30957D2", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/XVLRHB6CUX3SHYOIGVUQNWAOW5JYANWH/", "cvss": {"score": 0.0, "vector": "NONE"}}]}
Denial Of Service (DoS)
