EPSS Percentile: 12.6%
libsolv.so is vulnerable to denial of service (DoS) attacks. A remote attacker is able to cause a heap-based buffer overflow in the resolve_weak function in src/solver.c, resulting in a system crash.
github.com/openSUSE/libsolv/issues/426
github.com/yangjiageng/PoC/blob/master/libsolv-PoCs/resolve_weak-2222
github.com/yangjiageng/PoC/blob/master/libsolv-PoCs/resolve_weak-2249
lists.fedoraproject.org/archives/list/[email protected]/message/XVLRHB6CUX3SHYOIGVUQNWAOW5JYANWH/