Bug 1652605
Summary: | CVE-2018-20532 libsolv: NULL pointer dereference in function testcase_read [rhel-8] | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 8 | Reporter: | shuitao gan <ganshuitao> | ||||
Component: | libsolv | Assignee: | Jaroslav Rohel <jrohel> | ||||
Status: | CLOSED CURRENTRELEASE | QA Contact: | Karel Srot <ksrot> | ||||
Severity: | urgent | Docs Contact: | |||||
Priority: | high | ||||||
Version: | 8.1 | CC: | dmach, ganshuitao, jmracek, rschiron | ||||
Target Milestone: | rc | Keywords: | SecurityTracking, Triaged | ||||
Target Release: | 8.0 | ||||||
Hardware: | All | ||||||
OS: | All | ||||||
Whiteboard: | |||||||
Fixed In Version: | libsolv-0.6.35-4.el8 | Doc Type: | If docs needed, set a value | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2019-06-14 01:58:55 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | |||||||
Bug Blocks: | 1665532 | ||||||
Attachments: |
|
Please, which version of libsolv do you have? The "libsolv2.4" seems strange. In RHEL 8 is "libsolv-0.6.35". *** Bug 1669563 has been marked as a duplicate of this bug. *** |
Created attachment 1507934 [details] ./testsolv POC2 version: libsolv2.4 Summary: There is an illegal address access at ext/testcase.c:2799 testcase_read in libsolv. Description: The asan debug is as follows: $./testsolv POC2 ASAN:SIGSEGV ================================================================= ==37274==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f5af9e7815f bp 0x7ffc4c843a40 sp 0x7ffc4c8436c0 T0) #0 0x7f5af9e7815e in testcase_read /home/company/real_sanitize/libsolv-master/ext/testcase.c:2799 #1 0x402aa5 in main /home/company/real_sanitize/libsolv-master/tools/testsolv.c:148 #2 0x7f5af971da3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x20a3f) #3 0x401bb8 in _start (/home/company/real_sanitize/libsolv-master/build/install/bin/testsolv+0x401bb8) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV /home/company/real_sanitize/libsolv-master/ext/testcase.c:2799 testcase_read ==37274==ABORTING