Bug 2000703 (CVE-2021-33929)

Summary: CVE-2021-33929 libsolv: heap-based buffer overflow in pool_disabled_solvable() in src/repo.h
Product: [Other] Security Response Reporter: Guilherme de Almeida Suckevicz <gsuckevi>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: aarif, bbuckingham, bcoca, bcourt, bdettelb, bkearney, btotty, caswilli, chousekn, cmeyers, davidn, ehelms, fjansen, gblomqui, igor.raits, jcammara, jhardy, jmracek, jnakfour, jobarker, jrohel, jsherril, kaycoth, lzap, mabashia, mcermak, mhulan, mmccune, myarboro, ngompa13, nmoumoul, notting, orabin, osapryki, packaging-team-maint, pcreech, pkratoch, psegedy, rchan, relrod, rjerrido, rpetrell, rpm-software-management, sdoran, smcdonal, sokeeffe, tkuratom, vmugicag
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: libsolv-0.7.17 Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in libsolv. A buffer overflow vulnerability in the pool_disabled_solvable function allows attackers to cause a denial of service. The highest threat from this vulnerability is to system availability.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2021-11-02 14:08:01 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2000704, 2001105, 2001106, 2002067, 2002068, 2002069, 2002070, 2002071, 2002072, 2002797, 2013724, 2013725, 2016360    
Bug Blocks: 2000709    

Description Guilherme de Almeida Suckevicz 2021-09-02 17:52:17 UTC 
Buffer overflow vulnerability in function pool_disabled_solvable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service.

Reference:
https://github.com/openSUSE/libsolv/issues/417
Comment 1 Guilherme de Almeida Suckevicz 2021-09-02 17:52:40 UTC 
Created libsolv tracking bugs for this issue:

Affects: fedora-all [bug 2000704]
Comment 7 Garrett Tucker 2021-10-01 14:01:11 UTC 
Upstream Patch: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec
Comment 10 errata-xmlrpc 2021-11-02 08:44:20 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:4060 https://access.redhat.com/errata/RHSA-2021:4060
Comment 11 Product Security DevOps Team 2021-11-02 14:08:01 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-33929
Comment 12 errata-xmlrpc 2022-07-05 14:26:41 UTC 
This issue has been addressed in the following products:

  Red Hat Satellite 6.11 for RHEL 7
  Red Hat Satellite 6.11 for RHEL 8

Via RHSA-2022:5498 https://access.redhat.com/errata/RHSA-2022:5498