CVE-2021-44568
libsolv: heap-overflows in resolve_dependencies function
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
3Exploited in Wild
-Decision
Descriptions
Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv through 13 Dec 2020 in the decisionmap variable via the resolve_dependencies function at src/solver.c (line 1940 & line 1995), which could cause a remote Denial of Service.
Se presentan dos vulnerabilidades de desbordamiento de pila en openSUSE/libsolv libsolv versiones hasta el 13 de diciembre de 2020 en la variable decisionmap por medio de la función resolve_dependencies en src/solver.c (línea 1940 y línea 1995), que podría causar una denegación de servicio remota
A buffer over-read flaw was found in the test case reader in libsolv that created multiple out-of-bounds read symptoms. Depending on how client applications use libsolv, this flaw leads to a denial of service of the application if an attacker can supply crafted input to the test case reader.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-12-06 CVE Reserved
- 2022-02-21 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2024-11-06 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-125: Out-of-bounds Read
- CWE-787: Out-of-bounds Write
CAPEC
References (5)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2021-44568 | 2022-07-05 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2057178 | 2022-07-05 |