CVE-2018-20533

There is a NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
VendorProductVersion
opensuselibsolv
𝑥
≤ 0.7.2
canonicalubuntu_linux
18.10
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libsolv
bullseye
0.7.17-1+deb11u1
fixed
buster
ignored
stretch
ignored
jessie
ignored
bookworm
0.7.23-1+deb12u1
fixed
sid
0.7.30-2
fixed
trixie
0.7.30-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libsolv
lunar
Fixed 0.6.5-2ubuntu1
released
kinetic
Fixed 0.6.5-2ubuntu1
released
jammy
Fixed 0.6.5-2ubuntu1
released
impish
Fixed 0.6.5-2ubuntu1
released
hirsute
Fixed 0.6.5-2ubuntu1
released
groovy
Fixed 0.6.5-2ubuntu1
released
focal
Fixed 0.6.5-2ubuntu1
released
eoan
Fixed 0.6.5-2ubuntu1
released
disco
Fixed 0.6.5-2ubuntu1
released
cosmic
Fixed 0.6.35-2ubuntu0.18.10.1
released
bionic
Fixed 0.6.30-1ubuntu0.1~esm1
released
xenial
Fixed 0.6.11-1.1ubuntu0.1~esm1
released
trusty
dne
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00057.html
https://access.redhat.com/errata/RHSA-2019:2290
https://bugzilla.redhat.com/show_bug.cgi?id=1652599
https://github.com/openSUSE/libsolv/pull/291
https://usn.ubuntu.com/3916-1/
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00057.html
https://access.redhat.com/errata/RHSA-2019:2290
https://bugzilla.redhat.com/show_bug.cgi?id=1652599
https://github.com/openSUSE/libsolv/pull/291
https://usn.ubuntu.com/3916-1/