Summary: | CVE-2018-20533 libsolv: NULL pointer dereference in function testcase_str2dep_complex [rhel-8] | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 8 | Reporter: | shuitao gan <ganshuitao> | ||||
Component: | libsolv | Assignee: | Jaroslav Rohel <jrohel> | ||||
Status: | CLOSED CURRENTRELEASE | QA Contact: | Karel Srot <ksrot> | ||||
Severity: | urgent | Docs Contact: | |||||
Priority: | high | ||||||
Version: | 8.1 | CC: | dmach, ganshuitao, jmracek, rschiron | ||||
Target Milestone: | rc | Keywords: | SecurityTracking, Triaged | ||||
Target Release: | 8.0 | ||||||
Hardware: | All | ||||||
OS: | All | ||||||
Whiteboard: | |||||||
Fixed In Version: | libsolv-0.6.35-4.el8 | Doc Type: | If docs needed, set a value | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2019-06-14 00:48:35 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Bug Depends On: | |||||||
Bug Blocks: | 1665535 | ||||||
Attachments: |
|
Please, which version of libsolv do you have? The "libsolv2.4" seems strange. In RHEL 8 is "libsolv-0.6.35". *** Bug 1669577 has been marked as a duplicate of this bug. *** |
Created attachment 1507932 [details] Triggered by “./testsolv POC0” version: libsolv2.4 Summary: There is an illegal address access at ext/testcase.c:577 testcase_str2dep_complex in libsolv. Description: The asan debug is as follows: $./testsolv POC0 ================================================================= ==37349==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fab0e11bf2b bp 0x7ffdfc044b70 sp 0x7ffdfc044a90 T0) #0 0x7fab0e11bf2a in testcase_str2dep_complex /home/company/real_sanitize/libsolv-master/ext/testcase.c:577 #1 0x7fab0e11c80f in testcase_str2dep /home/company/real_sanitize/libsolv-master/ext/testcase.c:656 #2 0x7fab0e12e64a in testcase_read /home/company/real_sanitize/libsolv-master/ext/testcase.c:2952 #3 0x402aa5 in main /home/company/real_sanitize/libsolv-master/tools/testsolv.c:148 #4 0x7fab0d9d2a3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x20a3f) #5 0x401bb8 in _start (/home/company/real_sanitize/libsolv-master/build/install/bin/testsolv+0x401bb8) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV /home/company/real_sanitize/libsolv-master/ext/testcase.c:577 testcase_str2dep_complex ==37349==ABORTING