openSUSE/libsolv

GitHub

github.com

en.opensuse.org

Releases80

Frequency2 months 5 days

Last Release 7 days ago

Stars591

Library for solving packages and reading repositories

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2026-9149 ↗	May 21, 2026Thursday, 21 May 2026, 00:16	6.5 MEDIUM	—
A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size values in the `repo_add_solv` function. This leads to an undersized memory allocation and a subsequent out-of-bounds write. An attacker could exploit this to cause a denial of service (DoS).
CVE-2026-9150 ↗	May 20, 2026Wednesday, 20 May 2026, 23:16	6.5 MEDIUM	—
A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA384 or SHA512 checksum tags, leading to memory corruption and a denial of service (DoS) in the affected system.
CVE-2021-44568 ↗	Feb 21, 2022Monday, 21 February 2022, 18:15	6.5 MEDIUM	4.3 MEDIUM
Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv through 13 Dec 2020 in the decisionmap variable via the resolve_dependencies function at src/solver.c (line 1940 & line 1995), which could cause a remote Denial of Service.
CVE-2021-33928 ↗	Sep 2, 2021Thursday, 2 September 2021, 15:15	7.5 HIGH	5 MEDIUM
Buffer overflow vulnerability in function pool_installable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service.
CVE-2021-33929 ↗	Sep 2, 2021Thursday, 2 September 2021, 15:15	7.5 HIGH	5 MEDIUM
Buffer overflow vulnerability in function pool_disabled_solvable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service.
CVE-2021-33930 ↗	Sep 2, 2021Thursday, 2 September 2021, 15:15	7.5 HIGH	5 MEDIUM
Buffer overflow vulnerability in function pool_installable_whatprovides in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service.
CVE-2021-33938 ↗	Sep 2, 2021Thursday, 2 September 2021, 15:15	7.5 HIGH	5 MEDIUM
Buffer overflow vulnerability in function prune_to_recommended in src/policy.c in libsolv before 0.7.17 allows attackers to cause a Denial of Service.
CVE-2021-3200 ↗	May 18, 2021Tuesday, 18 May 2021, 17:15	3.3 LOW	4.3 MEDIUM
Buffer overflow vulnerability in libsolv 2020-12-13 via the Solver * testcase_read(Pool pool, FILE fp, const char testcase, Queue job, char *resultp, int resultflagsp function at src/testcase.c: line 2334, which could cause a denial of service
CVE-2019-20387 ↗	Jan 21, 2020Tuesday, 21 January 2020, 23:15	7.5 HIGH	5 MEDIUM
repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input schema.
CVE-2018-20532 ↗	Dec 28, 2018Friday, 28 December 2018, 16:29	—	4.3 MEDIUM
There is a NULL pointer dereference at ext/testcase.c (function testcase_read) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service.
CVE-2018-20533 ↗	Dec 28, 2018Friday, 28 December 2018, 16:29	—	4.3 MEDIUM
There is a NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service.
CVE-2018-20534 ↗	Dec 28, 2018Friday, 28 December 2018, 16:29	—	4.3 MEDIUM
There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. NOTE: third parties dispute this issue stating that the issue affects the test suite and not the underlying library. It cannot be exploited in any real-world application