CVE-2018-20534

CWE-119Buffer OverflowCWE-125Out-of-bounds Read10 documents8 sources
Severity
6.5MEDIUM
EPSS
0.9%
top 24.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Opensuse LibsolvCanonical Ubuntu Linux
Timeline
PublishedDec 28
Latest updateMay 13

Description

There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. NOTE: third parties dispute this issue stating that the issue affects the test suite and not the underlying library. It cannot be exploited in any real-world application

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

Debianlibsolv< 0.6.36-1+3
NVDopensuse/libsolv0.7.2

Also affects: Ubuntu Linux 18.10

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

3
GHSA
GHSA-qghc-5fvm-f36w: ** DISPUTED ** There is an illegal address access at ext/testcase2022-05-13
OSV
CVE-2018-20534: There is an illegal address access at ext/testcase2018-12-28
CVEList
CVE-2018-20534: There is an illegal address access at ext/testcase2018-12-28

📋Vendor Advisories

4
Ubuntu
Libsolv vulnerabilities2021-03-15
Ubuntu
libsolv vulnerabilities2019-03-22
Red Hat
libsolv: illegal address access in pool_whatprovides in src/pool.h2018-11-22
Debian
CVE-2018-20534: libsolv - There is an illegal address access at ext/testcase.c in libsolv.a in libsolv thr...2018

💬Community

2
Bugzilla
CVE-2018-20534 libsolv: illegal address access in pool_whatprovides in src/pool.h2019-01-11
Bugzilla
CVE-2018-20534 libsolv: illegal address access in pool_whatprovides in src/pool.h [fedora-all]2019-01-11
CVE-2018-20534 (MEDIUM CVSS 6.5) | There is an illegal address access | cvebase.io