// For flags

CVE-2021-33928

libsolv: heap-based buffer overflow in pool_installable() in src/repo.h

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Buffer overflow vulnerability in function pool_installable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service.

Una vulnerabilidad de desbordamiento del búfer en la función pool_installable en el archivo src/repo.h en libsolv versiones anteriores a 0.7.17, permite a atacantes causar una Denegación de Servicio

A flaw was found in libsolv. A buffer overflow in the pool_installable function allows attackers to cause a denial of service. The highest threat from this vulnerability is to system availability.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-06-07 CVE Reserved
  • 2021-09-02 CVE Published
  • 2024-05-18 EPSS Updated
  • 2024-08-04 CVE Updated
  • 2024-08-04 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
  • CWE-787: Out-of-bounds Write
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Opensuse
Search vendor "Opensuse"
Libsolv
Search vendor "Opensuse" for product "Libsolv"
<= 0.7.17
Search vendor "Opensuse" for product "Libsolv" and version " <= 0.7.17"
-
Affected