CVE-2021-3200

Buffer overflow vulnerability in libsolv 2020-12-13 via the Solver * testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **resultp, int *resultflagsp function at src/testcase.c: line 2334, which could cause a denial of service
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:opensuse:libsolv:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*

History

30 Jul 2022, 03:45

Type Values Removed Values Added
References (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory
CPE cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*

20 Apr 2022, 00:16

Type Values Removed Values Added
References
  • (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html -

03 Jun 2021, 15:26

Type Values Removed Values Added
CVSS v2 : 4.3
v3 : 6.5
v2 : 4.3
v3 : 3.3

24 May 2021, 18:06

Type Values Removed Values Added
CPE cpe:2.3:a:opensuse:libsolv:*:*:*:*:*:*:*:*
CWE CWE-120
CVSS v2 : unknown
v3 : unknown
v2 : 4.3
v3 : 6.5
References (MISC) https://github.com/yangjiageng/PoC/blob/master/libsolv-PoCs/PoC-testcase_read-2334 - (MISC) https://github.com/yangjiageng/PoC/blob/master/libsolv-PoCs/PoC-testcase_read-2334 - Exploit, Third Party Advisory
References (MISC) https://github.com/openSUSE/libsolv/issues/416 - (MISC) https://github.com/openSUSE/libsolv/issues/416 - Exploit, Issue Tracking, Third Party Advisory

Information

Published : 2021-05-18 17:15

Updated : 2024-02-04 21:47


NVD link : CVE-2021-3200

Mitre link : CVE-2021-3200

CVE.ORG link : CVE-2021-3200


JSON object : View

Products Affected

opensuse

  • libsolv

oracle

  • communications_cloud_native_core_policy
CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')