CVE-2021-3200

low

Description

Buffer overflow vulnerability in libsolv 2020-12-13 via the Solver * testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **resultp, int *resultflagsp function at src/testcase.c: line 2334, which could cause a denial of service

References

https://www.oracle.com/security-alerts/cpuapr2022.html

https://github.com/yangjiageng/PoC/blob/master/libsolv-PoCs/PoC-testcase_read-2334

https://github.com/openSUSE/libsolv/issues/416

Details

Source: Mitre, NVD

Published: 2021-05-18

Updated: 2022-07-30

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 3.3

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Severity: Low