CVE-2019-20387

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-20387

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-20387.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-20387

Related

Published

2020-01-21T23:15:13Z

Modified

2024-09-11T04:30:08.853373Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input schema.

References

Affected packages

Debian:11 / libsolv

Package

Name: libsolv
Purl: pkg:deb/debian/libsolv?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.6.36-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libsolv

Package

Name: libsolv
Purl: pkg:deb/debian/libsolv?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.6.36-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libsolv

Package

Name: libsolv
Purl: pkg:deb/debian/libsolv?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.6.36-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/opensuse/libsolv

Affected ranges

Type: GIT
Repo: https://github.com/opensuse/libsolv
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

fdb9c9c03508990e4583046b590c30d958f272da

Affected versions

0.*

0.6.10

0.6.11

0.6.12

0.6.13

0.6.14

0.6.15

0.6.16

0.6.17

0.6.18

0.6.19

0.6.20

0.6.21

0.6.22

0.6.23

0.6.24

0.6.25

0.6.26

0.6.27

0.6.28

0.6.29

0.6.30

0.6.31

0.6.32

0.6.33

0.6.34

0.6.35

0.6.4

0.6.5

0.6.6

0.6.7

0.6.8

0.6.9

0.7.0

0.7.1

0.7.2

0.7.3

0.7.4

0.7.5

Other

BASE-SuSE-Code-12_1-Branch

BASE-SuSE-Code-12_2-Branch

BASE-SuSE-Code-12_3-Branch

BASE-SuSE-Code-13_1-Branch