CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 3CVE-2021-44568 – libsolv: heap-overflows in resolve_dependencies function
https://notcve.org/view.php?id=CVE-2021-44568
Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv through 13 Dec 2020 in the decisionmap variable via the resolve_dependencies function at src/solver.c (line 1940 & line 1995), which could cause a remote Denial of Service. Se presentan dos vulnerabilidades de desbordamiento de pila en openSUSE/libsolv libsolv versiones hasta el 13 de diciembre de 2020 en la variable decisionmap por medio de la función resolve_dependencies en src/solver.c (línea 1940 y línea 1995), que podría causar una denegación de servicio remota A buffer over-read flaw was found in the test case reader in libsolv that created multiple out-of-bounds read symptoms. Depending on how client applications use libsolv, this flaw leads to a denial of service of the application if an attacker can supply crafted input to the test case reader. • https://github.com/openSUSE/libsolv/issues/425 https://github.com/yangjiageng/PoC/blob/master/libsolv-PoCs/resolve_dependencies-1940 https://github.com/yangjiageng/PoC/blob/master/libsolv-PoCs/resolve_dependencies-1995 https://access.redhat.com/security/cve/CVE-2021-44568 https://bugzilla.redhat.com/show_bug.cgi?id=2057178 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-33938 – libsolv: heap-based buffer overflow in prune_to_recommended() in src/policy.c
https://notcve.org/view.php?id=CVE-2021-33938
Buffer overflow vulnerability in function prune_to_recommended in src/policy.c in libsolv before 0.7.17 allows attackers to cause a Denial of Service. Una vulnerabilidad de desbordamiento de búfer en la función prune_to_recommended en el archivosrc/policy.c en libsolv versiones anteriores a 0.7.17, permite a atacantes causar una denegación de servicio A flaw was found in libsolv. A buffer overflow vulnerability in the prune_to_recommend function allows attackers to cause a denial of service. The highest threat from this vulnerability is to system availability. • https://github.com/openSUSE/libsolv/issues/420 https://access.redhat.com/security/cve/CVE-2021-33938 https://bugzilla.redhat.com/show_bug.cgi?id=2000707 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-33930 – libsolv: heap-based buffer overflow in pool_installable_whatprovides() in src/repo.h
https://notcve.org/view.php?id=CVE-2021-33930
Buffer overflow vulnerability in function pool_installable_whatprovides in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service. Una vulnerabilidad de desbordamiento de búfer en la función pool_installable_whatprovides en el archivo src/repo.h en libsolv versiones anteriores a 0.7.17, permite a atacantes causar una Denegación de Servicio A flaw was found in libsolv. A buffer overflow vulnerability in the pool_installable_whatprovides function allows attackers to cause a denial of service. The highest threat from this vulnerability is to system availability. • https://github.com/openSUSE/libsolv/issues/417 https://access.redhat.com/security/cve/CVE-2021-33930 https://bugzilla.redhat.com/show_bug.cgi?id=2000705 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-33929 – libsolv: heap-based buffer overflow in pool_disabled_solvable() in src/repo.h
https://notcve.org/view.php?id=CVE-2021-33929
Buffer overflow vulnerability in function pool_disabled_solvable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service. Una vulnerabilidad de desbordamiento del búfer en la función pool_disabled_solvable en el archivo src/repo.h en libsolv versiones anteriores a 0.7.17, permite a atacantes causar una Denegación de Servicio A flaw was found in libsolv. A buffer overflow vulnerability in the pool_disabled_solvable function allows attackers to cause a denial of service. The highest threat from this vulnerability is to system availability. • https://github.com/openSUSE/libsolv/issues/417 https://access.redhat.com/security/cve/CVE-2021-33929 https://bugzilla.redhat.com/show_bug.cgi?id=2000703 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-33928 – libsolv: heap-based buffer overflow in pool_installable() in src/repo.h
https://notcve.org/view.php?id=CVE-2021-33928
Buffer overflow vulnerability in function pool_installable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service. Una vulnerabilidad de desbordamiento del búfer en la función pool_installable en el archivo src/repo.h en libsolv versiones anteriores a 0.7.17, permite a atacantes causar una Denegación de Servicio A flaw was found in libsolv. A buffer overflow in the pool_installable function allows attackers to cause a denial of service. The highest threat from this vulnerability is to system availability. • https://github.com/openSUSE/libsolv/issues/417 https://access.redhat.com/security/cve/CVE-2021-33928 https://bugzilla.redhat.com/show_bug.cgi?id=2000699 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •