Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv through 13 Dec 2020 in the decisionmap variable via the resolve_dependencies function at src/solver.c (line 1940 & line 1995), which could cause a remote Denial of Service.
{ "binaries": [ { "binary_name": "libsolv-perl", "binary_version": "0.6.11-1.1ubuntu0.1~esm1" }, { "binary_name": "libsolv-tools", "binary_version": "0.6.11-1.1ubuntu0.1~esm1" }, { "binary_name": "libsolv0", "binary_version": "0.6.11-1.1ubuntu0.1~esm1" }, { "binary_name": "libsolv0-dev", "binary_version": "0.6.11-1.1ubuntu0.1~esm1" }, { "binary_name": "libsolvext0", "binary_version": "0.6.11-1.1ubuntu0.1~esm1" }, { "binary_name": "libsolvext0-dev", "binary_version": "0.6.11-1.1ubuntu0.1~esm1" }, { "binary_name": "python-solv", "binary_version": "0.6.11-1.1ubuntu0.1~esm1" }, { "binary_name": "python3-solv", "binary_version": "0.6.11-1.1ubuntu0.1~esm1" } ] }
{ "binaries": [ { "binary_name": "libsolv-perl", "binary_version": "0.6.30-1ubuntu0.1~esm1" }, { "binary_name": "libsolv-tools", "binary_version": "0.6.30-1ubuntu0.1~esm1" }, { "binary_name": "libsolv0", "binary_version": "0.6.30-1ubuntu0.1~esm1" }, { "binary_name": "libsolv0-dev", "binary_version": "0.6.30-1ubuntu0.1~esm1" }, { "binary_name": "libsolvext0", "binary_version": "0.6.30-1ubuntu0.1~esm1" }, { "binary_name": "libsolvext0-dev", "binary_version": "0.6.30-1ubuntu0.1~esm1" }, { "binary_name": "python-solv", "binary_version": "0.6.30-1ubuntu0.1~esm1" }, { "binary_name": "python3-solv", "binary_version": "0.6.30-1ubuntu0.1~esm1" } ] }
{ "binaries": [ { "binary_name": "libsolv-perl", "binary_version": "0.6.36-2" }, { "binary_name": "libsolv-tools", "binary_version": "0.6.36-2" }, { "binary_name": "libsolv0", "binary_version": "0.6.36-2" }, { "binary_name": "libsolv0-dev", "binary_version": "0.6.36-2" }, { "binary_name": "libsolvext0", "binary_version": "0.6.36-2" }, { "binary_name": "libsolvext0-dev", "binary_version": "0.6.36-2" }, { "binary_name": "python3-solv", "binary_version": "0.6.36-2" } ] }