#VU24490 Out-of-bounds read


Published: 2020-01-22

Vulnerability identifier: #VU24490

Vulnerability risk: Medium

CVSSv3.1:

CVE-ID: CVE-2019-20387

CWE-ID: CWE-125

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
libsolv
Universal components / Libraries / Libraries used by multiple products

Vendor: openSUSE

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to heap-based buffer over-read via a last schema whose length is less than the length of the input schema. A remote attacker can perform a denial of service attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

libsolv: 0.6.0 - 0.7.5


CPE

External links
http://github.com/openSUSE/libsolv/commit/fdb9c9c03508990e4583046b590c30d958f272da
http://github.com/openSUSE/libsolv/compare/0.7.5...0.7.6


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability