PT-2018-2666 · Opensuse+4 · Libsolv+4

Jrohel · Published 2018-11-22 · Updated 2024-08-05 · CVE-2018-20534

CVSS v2.0: 7.1 (High)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

libsolv versions through 0.7.2

Description

The issue is related to errors in resource management, specifically in the pool_whatprovides function of the libsolv library. It may allow a remote attacker to cause a denial of service. However, it is noted that the issue may only affect the test suite and not the underlying library, and it cannot be exploited in any real-world application.

Recommendations

For libsolv versions through 0.7.2, consider updating to a version where this issue is resolved, if such a version exists. At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the pool_whatprovides function until a patch is available.

Exploit

DoS

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2019-01298
CESA-2019_2290
CESA-2019_3583
CVE-2018-20534
OPENSUSE-SU-2019:1927-1
OPENSUSE-SU-2019_1927-1
RHSA-2019:2290
RHSA-2019:3583
RHSA-2019_2290
RHSA-2019_3583
SUSE-RU-2019:2742-1
SUSE-SU-2019:1972-1
SUSE-SU-2019:2030-1
SUSE-SU-2019:2265-1
SUSE-SU-2020:2660-1
USN-3916-1
USN-4851-1

Affected Products

Centos
Red Hat
Suse
Ubuntu
Libsolv