V
Scaner-VS
ENRU
HomeCatalogSourcesCWECAPECATT&CKMitigationsProductsVendorsDocs
Back to catalog
CVE-2019-20387
DEB
High

repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the …

CVSS
7.5
High
EPSS
0.02
p81
Published
2019-01-01
Updated
2019-01-01
Description

repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input schema.

Tags · CWE
RCEPre-auth
CWE-125
CAPEC-540
Affected products
LibsolvLibsolvLibsolvLibsolvLibsolvLibsolvLibsolvLibsolvLibsolvLibsolvLibsolvLibsolvLibsolvLibsolvLibsolvLibsolvLibsolvLibsolvLibsolvLibsolv
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Timeline
2019-01-01
Published
2019-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: N
Network (N)
Attack Complexity
AC: L
Low (L)
Privileges Required
PR: N
None (N)
User Interaction
UI: N
None (N)
Scope
S: U
Unchanged (U)
Confidentiality Impact
C: N
None (N)
Integrity Impact
I: N
None (N)
Availability Impact
A: H
High (H)
Exploit indicators
EPSS
0.023 · p81
Known exploited (KEV)
No
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
Debian
Debian LinuxLibsolv
Canonical
Libsolv
Red Hat
Libsolv
Opensuse
Libsolv
ProductVendorStatus
libsolvTracked
libsolvTracked
libsolvTracked
libsolvTracked
libsolvTracked
libsolvTracked
libsolvTracked
libsolvTracked
libsolvTracked
libsolvTracked
libsolvTracked
libsolvTracked
libsolvTracked
libsolvTracked
libsolvTracked
libsolvTracked
libsolvTracked
libsolvTracked
libsolvTracked
libsolvTracked
Showing first 20 of 22
Source databases
DEB
CVE
RED
UBU