OpenSuse Libsolv

Do you want an email whenever new security vulnerabilities are reported in OpenSuse Libsolv?

By the Year

In 2024 there have been 0 vulnerabilities in OpenSuse Libsolv . Libsolv did not have any published security vulnerabilities last year.

Year	Vulnerabilities	Average Score
2024	0	0.00
2023	0	0.00
2022	1	6.50
2021	5	6.66
2020	1	7.50
2019	0	0.00
2018	3	6.50

It may take a day or so for new Libsolv vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent OpenSuse Libsolv Security Vulnerabilities

Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv through 13 Dec 2020 in the decisionmap variable

CVE-2021-44568 6.5 - Medium - February 21, 2022

Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv through 13 Dec 2020 in the decisionmap variable via the resolve_dependencies function at src/solver.c (line 1940 & line 1995), which could cause a remote Denial of Service.

Memory Corruption

Buffer overflow vulnerability in function prune_to_recommended in src/policy.c in libsolv before 0.7.17

CVE-2021-33938 7.5 - High - September 02, 2021

Buffer overflow vulnerability in function prune_to_recommended in src/policy.c in libsolv before 0.7.17 allows attackers to cause a Denial of Service.

Memory Corruption

Buffer overflow vulnerability in function pool_installable_whatprovides in src/repo.h in libsolv before 0.7.17

CVE-2021-33930 7.5 - High - September 02, 2021

Buffer overflow vulnerability in function pool_installable_whatprovides in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service.

Memory Corruption

Buffer overflow vulnerability in function pool_disabled_solvable in src/repo.h in libsolv before 0.7.17

CVE-2021-33929 7.5 - High - September 02, 2021

Buffer overflow vulnerability in function pool_disabled_solvable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service.

Memory Corruption

Buffer overflow vulnerability in function pool_installable in src/repo.h in libsolv before 0.7.17

CVE-2021-33928 7.5 - High - September 02, 2021

Buffer overflow vulnerability in function pool_installable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service.

Memory Corruption

Buffer overflow vulnerability in libsolv 2020-12-13

CVE-2021-3200 3.3 - Low - May 18, 2021

Buffer overflow vulnerability in libsolv 2020-12-13 via the Solver * testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **resultp, int *resultflagsp function at src/testcase.c: line 2334, which could cause a denial of service

Classic Buffer Overflow

repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read

CVE-2019-20387 7.5 - High - January 21, 2020

repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input schema.

Out-of-bounds Read

There is a NULL pointer dereference at ext/testcase.c (function testcase_read) in libsolvext.a in libsolv through 0.7.2

CVE-2018-20532 6.5 - Medium - December 28, 2018

There is a NULL pointer dereference at ext/testcase.c (function testcase_read) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service.

NULL Pointer Dereference

There is a NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a in libsolv through 0.7.2

CVE-2018-20533 6.5 - Medium - December 28, 2018

There is a NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service.

NULL Pointer Dereference

There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service

CVE-2018-20534 6.5 - Medium - December 28, 2018

There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. NOTE: third parties dispute this issue stating that the issue affects the test suite and not the underlying library. It cannot be exploited in any real-world application

Buffer Overflow

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Canonical Ubuntu Linux or by OpenSuse? Click the Watch button to subscribe.

OpenSuse
Vendor

OpenSuse Libsolv
Product

OpenSuse Libsolv

By the Year

Recent OpenSuse Libsolv Security Vulnerabilities

Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv through 13 Dec 2020 in the decisionmap variable CVE-2021-44568 6.5 - Medium - February 21, 2022

Buffer overflow vulnerability in function prune_to_recommended in src/policy.c in libsolv before 0.7.17 CVE-2021-33938 7.5 - High - September 02, 2021

Buffer overflow vulnerability in function pool_installable_whatprovides in src/repo.h in libsolv before 0.7.17 CVE-2021-33930 7.5 - High - September 02, 2021

Buffer overflow vulnerability in function pool_disabled_solvable in src/repo.h in libsolv before 0.7.17 CVE-2021-33929 7.5 - High - September 02, 2021

Buffer overflow vulnerability in function pool_installable in src/repo.h in libsolv before 0.7.17 CVE-2021-33928 7.5 - High - September 02, 2021

Buffer overflow vulnerability in libsolv 2020-12-13 CVE-2021-3200 3.3 - Low - May 18, 2021

repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read CVE-2019-20387 7.5 - High - January 21, 2020

There is a NULL pointer dereference at ext/testcase.c (function testcase_read) in libsolvext.a in libsolv through 0.7.2 CVE-2018-20532 6.5 - Medium - December 28, 2018

There is a NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a in libsolv through 0.7.2 CVE-2018-20533 6.5 - Medium - December 28, 2018

There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service CVE-2018-20534 6.5 - Medium - December 28, 2018

Stay on top of Security Vulnerabilities

OpenSuse Vendor

OpenSuse LibsolvProduct

Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv through 13 Dec 2020 in the decisionmap variable

CVE-2021-44568 6.5 - Medium - February 21, 2022

Buffer overflow vulnerability in function prune_to_recommended in src/policy.c in libsolv before 0.7.17

CVE-2021-33938 7.5 - High - September 02, 2021

Buffer overflow vulnerability in function pool_installable_whatprovides in src/repo.h in libsolv before 0.7.17

CVE-2021-33930 7.5 - High - September 02, 2021

Buffer overflow vulnerability in function pool_disabled_solvable in src/repo.h in libsolv before 0.7.17

CVE-2021-33929 7.5 - High - September 02, 2021

Buffer overflow vulnerability in function pool_installable in src/repo.h in libsolv before 0.7.17

CVE-2021-33928 7.5 - High - September 02, 2021

Buffer overflow vulnerability in libsolv 2020-12-13

CVE-2021-3200 3.3 - Low - May 18, 2021

repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read

CVE-2019-20387 7.5 - High - January 21, 2020

There is a NULL pointer dereference at ext/testcase.c (function testcase_read) in libsolvext.a in libsolv through 0.7.2

CVE-2018-20532 6.5 - Medium - December 28, 2018

There is a NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a in libsolv through 0.7.2

CVE-2018-20533 6.5 - Medium - December 28, 2018

There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service

CVE-2018-20534 6.5 - Medium - December 28, 2018

OpenSuse
Vendor

OpenSuse Libsolv
Product