CVE-2019-20387 - OpenCVE

repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input schema.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Opensuse	Libsolv
Debian	Debian Linux

Configuration 1 [-]

cpe:2.3:a:opensuse:libsolv:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/openSUSE/libsolv/commit/fdb9c9c03508990e4583046b590c30d958f272da	Patch Third Party Advisory
https://github.com/openSUSE/libsolv/compare/0.7.5...0.7.6	Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/01/msg00034.html	Mailing List Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-01-21T22:54:05

Updated: 2020-01-30T20:06:04

Reserved: 2020-01-21T00:00:00

Link: CVE-2019-20387

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-01-21T23:15:13.443

Modified: 2023-01-31T20:49:33.477

Link: CVE-2019-20387

JSON object: View

Redhat Information

No data.

CWE

CWE-125

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input schema."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-01-30T20:06:04", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/openSUSE/libsolv/commit/fdb9c9c03508990e4583046b590c30d958f272da"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/openSUSE/libsolv/compare/0.7.5...0.7.6"}, {"name": "[debian-lts-announce] 20200130 [SECURITY] [DLA 2088-1] libsolv security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00034.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-20387", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input schema."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/openSUSE/libsolv/commit/fdb9c9c03508990e4583046b590c30d958f272da", "refsource": "MISC", "url": "https://github.com/openSUSE/libsolv/commit/fdb9c9c03508990e4583046b590c30d958f272da"}, {"name": "https://github.com/openSUSE/libsolv/compare/0.7.5...0.7.6", "refsource": "MISC", "url": "https://github.com/openSUSE/libsolv/compare/0.7.5...0.7.6"}, {"name": "[debian-lts-announce] 20200130 [SECURITY] [DLA 2088-1] libsolv security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00034.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-20387", "datePublished": "2020-01-21T22:54:05", "dateReserved": "2020-01-21T00:00:00", "dateUpdated": "2020-01-30T20:06:04", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:opensuse:libsolv:*:*:*:*:*:*:*:*", "matchCriteriaId": "F01002F4-871E-4948-A57B-F8C0D6D04267", "versionEndExcluding": "0.7.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input schema."}, {"lang": "es", "value": "La funci\u00f3n repodata_schema2id en el archivo repodata.c en libsolv versiones anteriores a 0.7.6, presenta una lectura excesiva del b\u00fafer en la regi\u00f3n heap de la memoria por medio de un \u00faltimo esquema cuya longitud es menor que la longitud del esquema de entrada."}], "id": "CVE-2019-20387", "lastModified": "2023-01-31T20:49:33.477", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-01-21T23:15:13.443", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/openSUSE/libsolv/commit/fdb9c9c03508990e4583046b590c30d958f272da"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/openSUSE/libsolv/compare/0.7.5...0.7.6"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00034.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}