Bug 2057178 (CVE-2021-44568)

Summary: CVE-2021-44568 libsolv: heap-overflows in resolve_dependencies function
Product: [Other] Security Response
Reporter: Anten Skrabec <askrabec>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
QA Contact:
Severity: low
Docs Contact:
Priority: low
Version: unspecified
CC: bbuckingham, bcourt, bkearney, btotty, daniel.mach, ehelms, igor.raits, jmracek, jrohel, jsherril, lzap, mcermak, mhulan, mmccune, myarboro, ngompa13, nmoumoul, orabin, packaging-team-maint, pcreech, pkratoch, rchan, rpm-software-management
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version: libsolv 0.7.17
Doc Type: If docs needed, set a value
Doc Text:
A buffer over-read flaw was found in the test case reader in libsolv that created multiple out-of-bounds read symptoms. Depending on how client applications use libsolv, this flaw leads to a denial of service of the application if an attacker can supply crafted input to the test case reader.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2022-07-05 21:41:35 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 2060807, 2063294, 2063295, 2063296, 2063297
Bug Blocks: 2057179

Description Anten Skrabec 2022-02-22 21:21:35 UTC
Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv through 13 Dec 2020 in the decisionmap variable via the resolve_dependencies function at src/solver.c (lines 1940 and 1995), which could cause a remote Denial of Service.

https://github.com/yangjiageng/PoC/blob/master/libsolv-PoCs/resolve_dependencies-1940
https://github.com/yangjiageng/PoC/blob/master/libsolv-PoCs/resolve_dependencies-1995
https://github.com/openSUSE/libsolv/issues/425

Comment 3 Todd Cullum 2022-03-17 00:30:26 UTC
Upstream patch commit: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec

Comment 4 errata-xmlrpc 2022-07-05 14:27:39 UTC
This issue has been addressed in the following products:

  Red Hat Satellite 6.11 for RHEL 7
  Red Hat Satellite 6.11 for RHEL 8

Via RHSA-2022:5498 https://access.redhat.com/errata/RHSA-2022:5498

Comment 5 Product Security DevOps Team 2022-07-05 21:41:33 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-44568