A vulnerability was found in libsolv through 0.7.2. There is a NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a in libsolv that will cause a denial of service.
References: https://bugzilla.redhat.com/show_bug.cgi?id=1652599
Upstream Patch: https://github.com/openSUSE/libsolv/pull/291
Created libsolv tracking bugs for this issue:
Affects: fedora-all [bug 1665537]
Function testcase_str2dep_complex() does not check whether the string pointed to by one of its arguments is NULL or not.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2019:2290 https://access.redhat.com/errata/RHSA-2019:2290
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2018-20533