A vulnerability was found in libsolv through 0.7.2. There is a NULL pointer dereference at ext/testcase.c (function testcase_read) in libsolvext.a that will cause a denial of service. References: https://bugzilla.redhat.com/show_bug.cgi?id=1652605 Upstream Patch: https://github.com/openSUSE/libsolv/pull/291
Created libsolv tracking bugs for this issue: Affects: fedora-all [bug 1665533]
Function testcase_read() read a testcase from a file, however when the file is malformed and it contains a "namespace" entry, a typo in an error check condition in the code makes the program continue with the malformed input, crashing shortly after the check because it tries to access a pointer to NULL.
On Red Hat Enterprise Linux the testsolv program is not shipped with any package, thus the flaw cannot be easily triggered, unless an existing program uses the vulnerable function testcase_read().
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:2290 https://access.redhat.com/errata/RHSA-2019:2290
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2018-20532