Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.5
CVSSv3

CVE-2018-20534

Published: 28/12/2018 Updated: 11/04/2024
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Subscribe to Opensuse

Vulnerability Summary

There is an illegal address access at ext/testcase.c in libsolv.a in libsolv up to and including 0.7.2 that will cause a denial of service. NOTE: third parties dispute this issue stating that the issue affects the test suite and not the underlying library. It cannot be exploited in any real-world application

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

opensuse libsolv

canonical ubuntu linux 18.10

Vendor Advisories

Debian CVElist Bug Report Logs: CVE-2018-20532 CVE-2018-20533 CVE-2018-20534
Debian Bug report logs - #923002 CVE-2018-20532 CVE-2018-20533 CVE-2018-20534 Package: src:libsolv; Maintainer for src:libsolv is Mike Gabriel <sunweaver@debianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Fri, 22 Feb 2019 21:57:02 UTC Severity: important Tags: security Reply or subscribe to thi ...
Ubuntu Security Notice: libsolv vulnerabilities
Libzip could be made to crash if it received specially crafted input ...
Red Hat: Moderate: yum security, bug fix, and enhancement update
Synopsis Moderate: yum security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for yum is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CV ...
Red Hat: Low: libsolv security and bug fix update
Synopsis Low: libsolv security and bug fix update Type/Severity Security Advisory: Low Topic An update for libsolv is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Low A Common Vulnerability Scoring System (CVSS) base score, which ...
Amazon Linux 2: ALAS2-2019-1374
There is an illegal address access at ext/testcasec in libsolva in libsolv through 072 that will cause a denial of service NOTE: third parties dispute this issue stating that the issue affects the test suite and not the underlying library It cannot be exploited in any real-world application(CVE-2018-20534) There is a NULL pointer dereference ...

References

CWE-119https://github.com/openSUSE/libsolv/pull/291https://bugzilla.redhat.com/show_bug.cgi?id=1652604https://usn.ubuntu.com/3916-1/https://bugzilla.suse.com/show_bug.cgi?id=1120631https://access.redhat.com/errata/RHSA-2019:2290http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00057.htmlhttps://access.redhat.com/errata/RHSA-2019:3583https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923002https://usn.ubuntu.com/3916-1/https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028CVE-2024-32406CVE-2024-25624IMAPCVE-2024-2310CVE-2024-0874CVE-2024-20359XXEremote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook