CVE-2018-20534

Published: 28 December 2018

** DISPUTED ** There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. NOTE: third parties dispute this issue stating that the issue affects the test suite and not the underlying library. It cannot be exploited in any real-world application.

From the Ubuntu security team

It was discovered that libsolv incorrectly handled certain malformed input. An attacker could use this issue to cause libsolv to crash, resulting in a denial of service.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package Release Status
libsolv
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Released (0.6.5-2ubuntu1)
Ubuntu 20.04 LTS (Focal Fossa) Released (0.6.5-2ubuntu1)
Ubuntu 18.04 LTS (Bionic Beaver) Needed

Ubuntu 16.04 ESM (Xenial Xerus) Ignored (end of standard support, was needed)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist