Jrohel

**Name of the Vulnerable Software and Affected Versions** libsolv versions prior to 0.7.3 **Description** The issue is related to a NULL pointer dereference in the `testcase read` function of the libsolv library. This can cause a denial of service. The exploitation of this issue may allow a remote attacker to cause a service disruption. **Recommendations** For versions prior to 0.7.3, update to version 0.7.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the `testcase read` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** libsolv versions prior to 0.7.3 **Description** The issue is related to a NULL pointer dereference in the `testcase str2dep complex` function at `ext/testcase.c` in `libsolvext.a` of the `libsolv` library. This can cause a denial of service. The vulnerability can be exploited by a remote attacker to achieve a denial of service. **Recommendations** For versions prior to 0.7.3, update to version 0.7.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the `testcase str2dep complex` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** libsolv versions through 0.7.2 **Description** The issue is related to errors in resource management, specifically in the `pool whatprovides` function of the libsolv library. It may allow a remote attacker to cause a denial of service. However, it is noted that the issue may only affect the test suite and not the underlying library, and it cannot be exploited in any real-world application. **Recommendations** For libsolv versions through 0.7.2, consider updating to a version where this issue is resolved, if such a version exists. At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the `pool whatprovides` function until a patch is available.