CVE-2018-20534

There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. NOTE: third parties dispute this issue stating that the issue affects the test suite and not the underlying library. It cannot be exploited in any real-world application

Database specific

{
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "last_affected": "18.10"
                }
            ],
            "cpe": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        }
    ]
}

References

Affected packages

Git / github.com/opensuse/libsolv

Affected ranges

Type

GIT

Repo

https://github.com/opensuse/libsolv

Events

Introduced

Last affected

1c0141962a9eef7f4bc1fdcac7099f3f6a95ec23

Database specific

{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.7.2"
        }
    ],
    "cpe": "cpe:2.3:a:opensuse:libsolv:*:*:*:*:*:*:*:*",
    "source": "CPE_FIELD"
}

Affected versions

0.*

0.6.10

0.6.11

0.6.12

0.6.13

0.6.14

0.6.15

0.6.16

0.6.17

0.6.18

0.6.19

0.6.20

0.6.21

0.6.22

0.6.23

0.6.24

0.6.25

0.6.26

0.6.27

0.6.28

0.6.29

0.6.30

0.6.31

0.6.32

0.6.33

0.6.34

0.6.35

0.6.4

0.6.5

0.6.6

0.6.7

0.6.8

0.6.9

0.7.0

0.7.1

0.7.2

Other

BASE-SuSE-Code-12_1-Branch

BASE-SuSE-Code-12_2-Branch

BASE-SuSE-Code-12_3-Branch

BASE-SuSE-Code-13_1-Branch

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-20534.json"