Bug 1665535 (CVE-2018-20533)

Summary: CVE-2018-20533 libsolv: NULL pointer dereference in function testcase_str2dep_complex
Product: [Other] Security Response Reporter: Laura Pardo <lpardo>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: NEW --- QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: jrohel, rschiron
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: impact=low,public=20181122,reported=20181228,source=cve,cvss3=3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L,cwe=CWE-476,fedora-all/libsolv=affected,rhel-7/libsolv=affected,rhel-8/libsolv=notaffected
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On: 1669576, 1652599, 1665537, 1669577    
Bug Blocks: 1665540    

Description Laura Pardo 2019-01-11 16:53:20 UTC
A vulnerability was found in libsolv through 0.7.2. There is a NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a in libsolv that will cause a denial of service.


References:
https://bugzilla.redhat.com/show_bug.cgi?id=1652599

Upstream Patch:
https://github.com/openSUSE/libsolv/pull/291

Comment 1 Laura Pardo 2019-01-11 16:53:49 UTC
Created libsolv tracking bugs for this issue:

Affects: fedora-all [bug 1665537]

Comment 4 Riccardo Schirone 2019-01-25 17:27:41 UTC
Function testcase_str2dep_complex() does not check whether the string pointed by one of its argument is NULL or not.