CVE-2018-20534

EPSS 2.3%

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 2.3%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

28 Dec 2018Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. NOTE: third parties dispute this issue stating that the issue affects the test suite and not the underlying library. It cannot be exploited in any real-world application

Affected products

n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00057.html https://access.redhat.com/errata/RHSA-2019:2290 https://access.redhat.com/errata/RHSA-2019:3583 https://bugzilla.redhat.com/show_bug.cgi?id=1652604 https://bugzilla.suse.com/show_bug.cgi?id=1120631 https://github.com/openSUSE/libsolv/pull/291 https://usn.ubuntu.com/3916-1/