Your submission was sent successfully! Close

CVE-2019-20387

Published: 21 January 2020

repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input schema.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
libsolv
Launchpad, Ubuntu, Debian
bionic Needed

eoan Ignored
(reached end-of-life)
focal Not vulnerable
(0.6.36-2)
groovy Not vulnerable
(0.6.36-2)
hirsute Not vulnerable
(0.6.36-2)
impish Not vulnerable
(0.6.36-2)
jammy Not vulnerable
(0.6.36-2)
precise Does not exist

trusty Does not exist

upstream
Released (0.6.36-2)
xenial Ignored
(end of standard support, was needed)