NULL Pointer Dereference Vulnerability in libsolv for Various Linux Distributions
CVE-2018-20533

6.5MEDIUM

Key Information:

Vendor

Opensuse
Status
Libsolv
Vendor
CVE Published:
28 December 2018

What is CVE-2018-20533?

The vulnerability in libsolv, found in versions up to 0.7.2, is caused by a NULL pointer dereference in the function testcase_str2dep_complex located at ext/testcase.c. This flaw can lead to a denial of service, causing affected applications to crash when they process specific input data. Users of openSUSE, Red Hat, and Ubuntu systems should take immediate action to patch their installations to prevent potential disruptions in service.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://bugzilla.redhat.com/show_bug.cgi?id=1652599
x_refsource_MISC
https://github.com/openSUSE/libsolv/pull/291
x_refsource_MISC
https://usn.ubuntu.com/3916-1/
vendor-advisoryx_refsource_UBUNTU

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.