Bug 2000707 (CVE-2021-33938)

Summary: CVE-2021-33938 libsolv: heap-based buffer overflow in prune_to_recommended() in src/policy.c
Product: [Other] Security Response Reporter: Guilherme de Almeida Suckevicz <gsuckevi>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: bbuckingham, bcoca, bcourt, bdettelb, bkearney, btotty, caswilli, chousekn, cmeyers, davidn, ehelms, fjansen, gblomqui, igor.raits, jcammara, jhardy, jmracek, jnakfour, jobarker, jrohel, jsherril, kaycoth, lzap, mabashia, mcermak, mhulan, mmccune, myarboro, ngompa13, nmoumoul, notting, orabin, osapryki, packaging-team-maint, pcreech, pkratoch, psegedy, rchan, relrod, rjerrido, rpetrell, rpm-software-management, sdoran, smcdonal, sokeeffe, tkuratom, vmugicag
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: libsolv-0.7.17 Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in libsolv. A buffer overflow vulnerability in the prune_to_recommend function allows attackers to cause a denial of service. The highest threat from this vulnerability is to system availability.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2021-11-02 14:08:14 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2000708, 2001110, 2001111, 2002067, 2002068, 2002069, 2002070, 2002071, 2002072, 2002799, 2013731, 2013732, 2016360    
Bug Blocks: 2000709    

Description Guilherme de Almeida Suckevicz 2021-09-02 17:56:08 UTC 
Buffer overflow vulnerability in function prune_to_recommended in src/policy.c in libsolv before 0.7.17 allows attackers to cause a Denial of Service.

Reference:
https://github.com/openSUSE/libsolv/issues/420
Comment 1 Guilherme de Almeida Suckevicz 2021-09-02 17:56:31 UTC 
Created libsolv tracking bugs for this issue:

Affects: fedora-all [bug 2000708]
Comment 6 Garrett Tucker 2021-10-01 14:01:59 UTC 
Upstream Patch: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec
Comment 9 errata-xmlrpc 2021-11-02 08:44:28 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:4060 https://access.redhat.com/errata/RHSA-2021:4060
Comment 10 Product Security DevOps Team 2021-11-02 14:08:14 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-33938
Comment 11 errata-xmlrpc 2022-07-05 14:26:45 UTC 
This issue has been addressed in the following products:

  Red Hat Satellite 6.11 for RHEL 7
  Red Hat Satellite 6.11 for RHEL 8

Via RHSA-2022:5498 https://access.redhat.com/errata/RHSA-2022:5498