Found By

**Name of the Vulnerable Software and Affected Versions** Pacemaker (affected versions not specified) **Description** An integer overflow exists in the remote message decompression process. An unauthenticated remote attacker can exploit this by sending a specially crafted compressed remote message before authentication, causing memory corruption. This leads to a denial of service (DoS) in the CIB remote listener, resulting in the affected service crashing. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libsolv (affected versions not specified) **Description** A heap buffer overflow occurs during the decompression of attacker-controlled compressed data within `.solv` files due to insufficient input validation. An attacker can provide a specially crafted `.solv` file that, when processed by a vulnerable application, leads to out-of-bounds memory access. This may result in information disclosure, alteration of program execution, or a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libsolv (affected versions not specified) **Description** A stack-based buffer overflow occurs in the Debian metadata parser of libsolv when processing specially crafted Debian repository metadata. An attacker can trigger this by providing malicious SHA384 or SHA512 checksum tags, resulting in memory corruption and a denial of service (DoS). **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libsolv (affected versions not specified) **Description** A heap buffer overflow occurs when processing a specially crafted `.solv` file containing negative size values in the `repo add solv()` function. This results in an undersized memory allocation and a subsequent out-of-bounds write, which an attacker could exploit to cause a denial of service (DoS). **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.