CVE-2021-44568

MEDIUM

Opensuse Libsolv < 0.7.17 - Out-of-Bounds Write

Title source: rule

Description

Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv through 13 Dec 2020 in the decisionmap variable via the resolve_dependencies function at src/solver.c (line 1940 & line 1995), which could cause a remote Denial of Service.

References (3)

[Exploit, Issue Tracking, Third Party Advisory] https://github.com/openSUSE/libsolv/issues/425

[Exploit, Third Party Advisory] https://github.com/yangjiageng/PoC/blob/master/libsolv-PoCs/resolve_dependencies-1940

View Exploit ZIP pw:eip

[Exploit, Third Party Advisory] https://github.com/yangjiageng/PoC/blob/master/libsolv-PoCs/resolve_dependencies-1995

Scores

CVSS v3 6.5

EPSS 0.0018

EPSS Percentile 39.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Classification

CWE

CWE-787

Status published

Affected Products (1)

opensuse/libsolv < 0.7.17

Timeline

Published Feb 21, 2022

Tracked Since Feb 18, 2026