SB2021090721 - Multiple vulnerabilities in libsolv
Published: September 7, 2021 Updated: August 12, 2022
Description
This security bulletin contains information about 5 security vulnerabilities.
1) Out-of-bounds write (CVE-ID: CVE-2021-33938)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when processing untrusted input within the prune_to_recommended() function in src/policy.c. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and crash the application.
2) Out-of-bounds write (CVE-ID: CVE-2021-33930)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when processing untrusted input within the pool_installable_whatprovides() function in src/repo.h. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and crash the application.
3) Out-of-bounds write (CVE-ID: CVE-2021-33929)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when processing untrusted input within the pool_disabled_solvable() function in src/repo.h. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and crash the application.
4) Out-of-bounds write (CVE-ID: CVE-2021-33928)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when processing untrusted input within the pool_installable() function in src/repo.h. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and crash the application.
5) Out-of-bounds write (CVE-ID: CVE-2021-44568)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when processing untrusted input within the resolve_dependencies() function at src/solver.c. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and crash the application.
Remediation
Install update from vendor's website.
References
- https://github.com/openSUSE/libsolv/issues/420
- https://github.com/openSUSE/libsolv/issues/417
- https://github.com/yangjiageng/PoC/blob/master/libsolv-PoCs/resolve_dependencies-1940
- https://github.com/yangjiageng/PoC/blob/master/libsolv-PoCs/resolve_dependencies-1995
- https://github.com/openSUSE/libsolv/issues/425