Bug 2057178 (CVE-2021-44568) - CVE-2021-44568 libsolv: heap-overflows in resolve_dependencies function
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2021-44568
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2060807 2063294 2063295 2063296 2063297
Blocks: 2057179
Reported: 2022-02-22 21:21 UTC by Anten Skrabec
Modified: 2023-03-21 06:05 UTC (History)

Fixed In Version: libsolv 0.7.17
Doc Type: If docs needed, set a value
Doc Text:
A buffer over-read flaw was found in the test case reader in libsolv that created multiple out-of-bounds read symptoms. Depending on how client applications use libsolv, this flaw leads to a denial of service of the application if an attacker can supply crafted input to the test case reader.
Clone Of:
Environment:
Last Closed: 2022-07-05 21:41:35 UTC
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2022:5498 0 None None None 2022-07-05 14:27:42 UTC

Description Anten Skrabec 2022-02-22 21:21:35 UTC
Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv through 13 Dec 2020 in the decisionmap variable via the resolve_dependencies function at src/solver.c (line 1940 & line 1995), which could cause a remote Denial of Service.

https://github.com/yangjiageng/PoC/blob/master/libsolv-PoCs/resolve_dependencies-1940
https://github.com/yangjiageng/PoC/blob/master/libsolv-PoCs/resolve_dependencies-1995
https://github.com/openSUSE/libsolv/issues/425

Comment 3 Todd Cullum 2022-03-17 00:30:26 UTC
Upstream patch commit: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec

Comment 4 errata-xmlrpc 2022-07-05 14:27:39 UTC
This issue has been addressed in the following products:

  Red Hat Satellite 6.11 for RHEL 7
  Red Hat Satellite 6.11 for RHEL 8

Via RHSA-2022:5498 https://access.redhat.com/errata/RHSA-2022:5498

Comment 5 Product Security DevOps Team 2022-07-05 21:41:33 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-44568
