Ubuntu.comUB:CVE-2021-44568CVE-2021-44568
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
0.004 Low
EPSS
Percentile
75.1%
Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv through
13 Dec 2020 in the decisionmap variable via the resolve_dependencies
function at src/solver.c (line 1940 & line 1995), which could cause a
remote Denial of Service.
References
github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17)
github.com/openSUSE/libsolv/issues/425
github.com/yangjiageng/PoC/blob/master/libsolv-PoCs/resolve_dependencies-1940
github.com/yangjiageng/PoC/blob/master/libsolv-PoCs/resolve_dependencies-1995
launchpad.net/bugs/cve/CVE-2021-44568
nvd.nist.gov/vuln/detail/CVE-2021-44568
security-tracker.debian.org/tracker/CVE-2021-44568
www.cve.org/CVERecord?id=CVE-2021-44568
Related
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
0.004 Low
EPSS
Percentile
75.1%