CVE-2018-20534 - OpenCVE

There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. NOTE: third parties dispute this issue stating that the issue affects the test suite and not the underlying library. It cannot be exploited in any real-world application

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Opensuse	Libsolv
Canonical	Ubuntu Linux

Configuration 1 [-]

cpe:2.3:a:opensuse:libsolv:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00057.html
https://access.redhat.com/errata/RHSA-2019:2290
https://access.redhat.com/errata/RHSA-2019:3583
https://bugzilla.redhat.com/show_bug.cgi?id=1652604	Exploit Issue Tracking Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1120631	Issue Tracking Third Party Advisory
https://github.com/openSUSE/libsolv/pull/291	Patch Third Party Advisory
https://usn.ubuntu.com/3916-1/	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2018-12-28T03:00:00

Updated: 2019-11-06T00:07:32

Reserved: 2018-12-27T00:00:00

Link: CVE-2018-20534

JSON object: View

NVD Information

Status : Modified

Published: 2018-12-28T16:29:04.330

Modified: 2024-05-17T01:26:57.603

Link: CVE-2018-20534

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-12-27T00:00:00", "descriptions": [{"lang": "en", "value": "There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. NOTE: third parties dispute this issue stating that the issue affects the test suite and not the underlying library. It cannot be exploited in any real-world application"}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-11-06T00:07:32", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1652604"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/openSUSE/libsolv/pull/291"}, {"name": "USN-3916-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3916-1/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1120631"}, {"name": "RHSA-2019:2290", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2290"}, {"name": "openSUSE-SU-2019:1927", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00057.html"}, {"name": "RHSA-2019:3583", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:3583"}], "tags": ["disputed"], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20534", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "** DISPUTED ** There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. NOTE: third parties dispute this issue stating that the issue affects the test suite and not the underlying library. It cannot be exploited in any real-world application."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1652604", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1652604"}, {"name": "https://github.com/openSUSE/libsolv/pull/291", "refsource": "MISC", "url": "https://github.com/openSUSE/libsolv/pull/291"}, {"name": "USN-3916-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3916-1/"}, {"name": "https://bugzilla.suse.com/show_bug.cgi?id=1120631", "refsource": "CONFIRM", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1120631"}, {"name": "RHSA-2019:2290", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2290"}, {"name": "openSUSE-SU-2019:1927", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00057.html"}, {"name": "RHSA-2019:3583", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3583"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20534", "datePublished": "2018-12-28T03:00:00", "dateReserved": "2018-12-27T00:00:00", "dateUpdated": "2019-11-06T00:07:32", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:opensuse:libsolv:*:*:*:*:*:*:*:*", "matchCriteriaId": "39A6FD19-8701-42FE-9DB9-4F30467115C1", "versionEndIncluding": "0.7.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. NOTE: third parties dispute this issue stating that the issue affects the test suite and not the underlying library. It cannot be exploited in any real-world application"}, {"lang": "es", "value": "** EN DISPUTA ** Hay un acceso a direcciones ilegal en ext/testcase.c en libsolv.a en libsolv hasta la versi\u00f3n 0.7.2 que provocar\u00e1 una denegaci\u00f3n de servicio (DoS). NOTA: terceros disputan este problema afirmando que afecta al conjunto de pruebas y no a la librer\u00eda subyacente. No puede ser explotado en ninguna aplicaci\u00f3n real."}], "id": "CVE-2018-20534", "lastModified": "2024-05-17T01:26:57.603", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-12-28T16:29:04.330", "references": [{"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00057.html"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2019:2290"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2019:3583"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1652604"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1120631"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/openSUSE/libsolv/pull/291"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3916-1/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}