CVE-2019-20387

HIGH

Opensuse Libsolv < 0.7.6 - Out-of-Bounds Read

Title source: rule

Description

repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input schema.

References (3)

Core 3

Core References

Patch, Third Party Advisory x_refsource_misc

https://github.com/openSUSE/libsolv/commit/fdb9c9c03508990e4583046b590c30d958f272da

View Patch ZIP pw:eip

Patch, Third Party Advisory x_refsource_misc

https://github.com/openSUSE/libsolv/compare/0.7.5...0.7.6

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2020/01/msg00034.html

Scores

CVSS v3 7.5

EPSS 0.0023

EPSS Percentile 45.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-125

Status published

Products (2)

debian/debian_linux 8.0

opensuse/libsolv < 0.7.6

Published Jan 21, 2020

Tracked Since Feb 18, 2026