A vulnerability was found in libsolv through 0.7.2. There is a NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a in libsolv that will cause a denial of service.
Created libsolv tracking bugs for this issue:
Affects: fedora-all [bug 1665537]
Function testcase_str2dep_complex() does not check whether the string pointed by one of its argument is NULL or not.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2019:2290 https://access.redhat.com/errata/RHSA-2019:2290
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):