| Summary: | CVE-2018-20533 libsolv: NULL pointer dereference in function testcase_str2dep_complex [rhel-8] | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | shuitao gan <ganshuitao> | ||||
| Component: | libsolv | Assignee: | Jaroslav Rohel <jrohel> | ||||
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Karel Srot <ksrot> | ||||
| Severity: | urgent | Docs Contact: | |||||
| Priority: | high | ||||||
| Version: | 8.1 | CC: | dmach, ganshuitao, jmracek, rschiron | ||||
| Target Milestone: | rc | Keywords: | SecurityTracking, Triaged | ||||
| Target Release: | 8.0 | ||||||
| Hardware: | All | ||||||
| OS: | All | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | libsolv-0.6.35-4.el8 | Doc Type: | If docs needed, set a value | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2019-06-14 00:48:35 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Bug Depends On: | |||||||
| Bug Blocks: | 1665535 | ||||||
| Attachments: |
|
||||||
Please, which version of libsolv do you have? The "libsolv2.4" seems strange. In RHEL 8 is "libsolv-0.6.35". *** Bug 1669577 has been marked as a duplicate of this bug. *** |
Created attachment 1507932 [details] Triggered by “./testsolv POC0” version: libsolv2.4 Summary: There is an illegal address access at ext/testcase.c:577 testcase_str2dep_complex in libsolv. Description: The asan debug is as follows: $./testsolv POC0 ================================================================= ==37349==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fab0e11bf2b bp 0x7ffdfc044b70 sp 0x7ffdfc044a90 T0) #0 0x7fab0e11bf2a in testcase_str2dep_complex /home/company/real_sanitize/libsolv-master/ext/testcase.c:577 #1 0x7fab0e11c80f in testcase_str2dep /home/company/real_sanitize/libsolv-master/ext/testcase.c:656 #2 0x7fab0e12e64a in testcase_read /home/company/real_sanitize/libsolv-master/ext/testcase.c:2952 #3 0x402aa5 in main /home/company/real_sanitize/libsolv-master/tools/testsolv.c:148 #4 0x7fab0d9d2a3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x20a3f) #5 0x401bb8 in _start (/home/company/real_sanitize/libsolv-master/build/install/bin/testsolv+0x401bb8) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV /home/company/real_sanitize/libsolv-master/ext/testcase.c:577 testcase_str2dep_complex ==37349==ABORTING