Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Libsolv
(Opensuse)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 10 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-05-18 | CVE-2021-3200 | Buffer overflow vulnerability in libsolv 2020-12-13 via the Solver * testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **resultp, int *resultflagsp function at src/testcase.c: line 2334, which could cause a denial of service | Libsolv, Communications_cloud_native_core_policy | 3.3 | ||
| 2021-09-02 | CVE-2021-33928 | Buffer overflow vulnerability in function pool_installable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service. | Libsolv | 7.5 | ||
| 2021-09-02 | CVE-2021-33929 | Buffer overflow vulnerability in function pool_disabled_solvable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service. | Libsolv | 7.5 | ||
| 2021-09-02 | CVE-2021-33930 | Buffer overflow vulnerability in function pool_installable_whatprovides in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service. | Libsolv | 7.5 | ||
| 2021-09-02 | CVE-2021-33938 | Buffer overflow vulnerability in function prune_to_recommended in src/policy.c in libsolv before 0.7.17 allows attackers to cause a Denial of Service. | Libsolv | 7.5 | ||
| 2022-02-21 | CVE-2021-44568 | Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv through 13 Dec 2020 in the decisionmap variable via the resolve_dependencies function at src/solver.c (line 1940 & line 1995), which could cause a remote Denial of Service. | Libsolv | 6.5 | ||
| 2018-12-28 | CVE-2018-20534 | There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. NOTE: third parties dispute this issue stating that the issue affects the test suite and not the underlying library. It cannot be exploited in any real-world application | Ubuntu_linux, Libsolv | 6.5 | ||
| 2020-01-21 | CVE-2019-20387 | repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input schema. | Debian_linux, Libsolv | 7.5 | ||
| 2018-12-28 | CVE-2018-20533 | There is a NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service. | Ubuntu_linux, Libsolv | 6.5 | ||
| 2018-12-28 | CVE-2018-20532 | There is a NULL pointer dereference at ext/testcase.c (function testcase_read) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service. | Ubuntu_linux, Libsolv | 6.5 |