CVE-2018-20534
Summary
| CVE | CVE-2018-20534 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2018-12-28 16:29:00 UTC |
|---|
| Updated | 2023-11-07 02:56:00 UTC |
|---|
| Description | ** DISPUTED ** There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. NOTE: third parties dispute this issue stating that the issue affects the test suite and not the underlying library. It cannot be exploited in any real-world application. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| USN-3916-1: libsolv vulnerabilities | Ubuntu security notices | Ubuntu |
UBUNTU |
usn.ubuntu.com |
Third Party Advisory |
| 1652604 – There is an illegal address access at src/pool.h:331 pool_whatprovides in libsolv. |
MISC |
bugzilla.redhat.com |
Exploit, Issue Tracking, Third Party Advisory |
| Red Hat Customer Portal |
REDHAT |
access.redhat.com |
|
| Fix: memory leaks, memory access, non used values by jrohel · Pull Request #291 · openSUSE/libsolv · GitHub |
MISC |
github.com |
Patch, Third Party Advisory |
| [security-announce] openSUSE-SU-2019:1927-1: moderate: Security update f |
SUSE |
lists.opensuse.org |
|
| Red Hat Customer Portal |
REDHAT |
access.redhat.com |
|
| Bug 1120631 – VUL-1: CVE-2018-20534: libsolv: illegal address access at src/pool.h (function pool_whatprovides) in libsolv.a |
CONFIRM |
bugzilla.suse.com |
Issue Tracking, Third Party Advisory |
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 377449 Alibaba Cloud Linux Security Update for libsolv (ALINUX2-SA-2019:0072)
- 940335 AlmaLinux Security Update for yum (ALSA-2019:3583)
