CVE-2021-44568

CWE-787 — Out-of-bounds Write CWE-125 — Out-of-bounds Read6 documents6 sources

Severity

6.5MEDIUM

EPSS

0.2%

top 60.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Opensuse Libsolv

Timeline

PublishedFeb 21

Latest updateFeb 22

Description

Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv through 13 Dec 2020 in the decisionmap variable via the resolve_dependencies function at src/solver.c (line 1940 & line 1995), which could cause a remote Denial of Service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDopensuse/libsolv< 0.7.17

▶Debianlibsolv< 0.7.17-1+3

🔴Vulnerability Details

GHSA

GHSA-wmfm-g4qc-662g: Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv through 13 Dec 2020 in the decisionmap variable via the resolve_dependencies funct↗2022-02-22

▶

CVEList

CVE-2021-44568: Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv through 13 Dec 2020 in the decisionmap variable via the resolve_dependencies funct↗2022-02-21

▶

OSV

CVE-2021-44568: Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv through 13 Dec 2020 in the decisionmap variable via the resolve_dependencies funct↗2022-02-21

▶

📋Vendor Advisories

Red Hat

libsolv: heap-overflows in resolve_dependencies function↗2022-02-21

▶

Debian

CVE-2021-44568: libsolv - Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv through 13 D...↗2021

▶