CVE-2019-20387

CWE-125: Out-of-bounds Read
7 documents, 7 sources

Severity: 7.5 HIGH
EPSS: 0.2% (top 54.21%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Jan 21
Latest update: May 24

Description

repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input schema.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

NVD: opensuse/libsolv < 0.7.6
Debian: libsolv < 0.6.36-2+3

Also affects: Debian Linux 8.0

Patches

🔴 Vulnerability Details (3)

GHSA
GHSA-vvx2-pj87-xmpx: repodata_schema2id in repodata (2022-05-24)
CVEList
CVE-2019-20387: repodata_schema2id in repodata (2020-01-21)
OSV
CVE-2019-20387: repodata_schema2id in repodata (2020-01-21)

📋 Vendor Advisories (2)

Red Hat
libsolv: out-of-bounds read in repodata_schema2id in repodata.c (2020-01-21)
Debian
CVE-2019-20387: libsolv - repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer... (2019)

💬 Community (1)

Bugzilla
CVE-2019-20387 libsolv: out-of-bounds read in repodata_schema2id in repodata.c (2020-01-31)