Unrated severityOSV Advisory· Published Dec 28, 2018· Updated Aug 5, 2024
CVE-2018-20532
CVE-2018-20532
Description
There is a NULL pointer dereference at ext/testcase.c (function testcase_read) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
88- osv-coords86 versionspkg:rpm/opensuse/libsolv&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/libsolv&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/libyui-ncurses-pkg&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/libyui-qt-pkg&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/libzypp&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/PackageKit&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/yast2-pkg-bindings&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/zypper&distro=openSUSE%20Leap%2015.0pkg:rpm/suse/libsolv&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/libsolv&distro=SUSE%20Enterprise%20Storage%204pkg:rpm/suse/libsolv&distro=SUSE%20Enterprise%20Storage%205pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP1pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP1pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSSpkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSSpkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/libsolv&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/libsolv&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/libsolv&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/libsolv&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/libsolv&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/libyui-ncurses-pkg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/libyui-ncurses-pkg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/libyui-ncurses-pkg-doc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/libyui-ncurses-pkg-doc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/libyui-qt-pkg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/libyui-qt-pkg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/libyui-qt-pkg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015pkg:rpm/suse/libyui-qt-pkg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1pkg:rpm/suse/libyui-qt-pkg-doc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/libyui-qt-pkg-doc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/libzypp&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/libzypp&distro=SUSE%20Enterprise%20Storage%204pkg:rpm/suse/libzypp&distro=SUSE%20Enterprise%20Storage%205pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSSpkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4pkg:rpm/suse/libzypp&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/libzypp&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/libzypp&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/PackageKit&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015pkg:rpm/suse/PackageKit&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1pkg:rpm/suse/PackageKit&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015pkg:rpm/suse/PackageKit&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP1pkg:rpm/suse/yast2-pkg-bindings&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/yast2-pkg-bindings&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/zypper&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/zypper&distro=SUSE%20Enterprise%20Storage%204pkg:rpm/suse/zypper&distro=SUSE%20Enterprise%20Storage%205pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSSpkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/zypper&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/zypper&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/zypper&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208
< 0.7.5-lp150.7.1+ 85 more
- (no CPE)range: < 0.7.5-lp150.7.1
- (no CPE)range: < 0.7.19-1.4
- (no CPE)range: < 2.48.5.2-lp150.7.1
- (no CPE)range: < 2.45.15.2-lp150.7.1
- (no CPE)range: < 17.12.0-lp150.2.13.1
- (no CPE)range: < 1.1.10-lp150.11.1
- (no CPE)range: < 4.0.13-lp150.2.13.1
- (no CPE)range: < 1.14.28-lp150.2.13.1
- (no CPE)range: < 0.6.36-2.27.19.8
- (no CPE)range: < 0.6.36-2.27.19.8
- (no CPE)range: < 0.6.36-2.16.2
- (no CPE)range: < 0.6.36-2.16.2
- (no CPE)range: < 0.7.5-3.12.2
- (no CPE)range: < 0.7.6-3.7.2
- (no CPE)range: < 0.7.5-3.12.2
- (no CPE)range: < 0.7.6-3.7.2
- (no CPE)range: < 0.7.6-3.7.2
- (no CPE)range: < 0.6.36-2.27.19.8
- (no CPE)range: < 0.6.36-2.27.19.8
- (no CPE)range: < 0.6.36-2.27.19.8
- (no CPE)range: < 0.6.36-2.16.2
- (no CPE)range: < 0.6.36-2.16.2
- (no CPE)range: < 0.6.36-2.30.1
- (no CPE)range: < 0.6.36-2.30.1
- (no CPE)range: < 0.6.36-2.27.19.8
- (no CPE)range: < 0.6.36-2.16.2
- (no CPE)range: < 0.6.36-2.16.2
- (no CPE)range: < 0.6.36-2.30.1
- (no CPE)range: < 0.6.36-2.16.2
- (no CPE)range: < 0.6.36-2.30.1
- (no CPE)range: < 0.6.36-2.27.19.8
- (no CPE)range: < 0.6.36-2.16.2
- (no CPE)range: < 0.6.36-2.30.1
- (no CPE)range: < 0.6.36-2.27.19.8
- (no CPE)range: < 0.6.36-2.30.1
- (no CPE)range: < 2.48.5.2-3.5.2
- (no CPE)range: < 2.48.9-7.3.5
- (no CPE)range: < 2.48.5.2-3.5.3
- (no CPE)range: < 2.48.9-7.3.3
- (no CPE)range: < 2.45.15.2-3.5.3
- (no CPE)range: < 2.45.27-3.3.5
- (no CPE)range: < 2.45.15.2-3.5.3
- (no CPE)range: < 2.45.27-3.3.5
- (no CPE)range: < 2.45.15.2-3.5.3
- (no CPE)range: < 2.45.27-3.3.3
- (no CPE)range: < 16.20.2-27.60.4
- (no CPE)range: < 16.20.2-27.60.4
- (no CPE)range: < 16.20.0-2.39.4
- (no CPE)range: < 16.20.0-2.39.4
- (no CPE)range: < 17.12.0-3.23.6
- (no CPE)range: < 17.15.0-3.9.1
- (no CPE)range: < 16.20.2-27.60.4
- (no CPE)range: < 16.20.2-27.60.4
- (no CPE)range: < 16.20.2-27.60.4
- (no CPE)range: < 16.20.0-2.39.4
- (no CPE)range: < 16.20.0-2.39.4
- (no CPE)range: < 16.20.2-27.60.4
- (no CPE)range: < 16.20.0-2.39.4
- (no CPE)range: < 16.20.0-2.39.4
- (no CPE)range: < 16.20.0-2.39.4
- (no CPE)range: < 16.20.2-27.60.4
- (no CPE)range: < 16.20.0-2.39.4
- (no CPE)range: < 16.20.2-27.60.4
- (no CPE)range: < 1.1.10-4.10.4
- (no CPE)range: < 1.1.10-12.3.5
- (no CPE)range: < 1.1.10-4.10.4
- (no CPE)range: < 1.1.10-12.3.5
- (no CPE)range: < 4.0.13-3.7.2
- (no CPE)range: < 4.1.2-3.3.5
- (no CPE)range: < 1.13.54-18.40.2
- (no CPE)range: < 1.13.54-18.40.2
- (no CPE)range: < 1.13.51-21.26.4
- (no CPE)range: < 1.13.51-21.26.4
- (no CPE)range: < 1.14.28-3.18.6
- (no CPE)range: < 1.14.30-3.7.2
- (no CPE)range: < 1.13.54-18.40.2
- (no CPE)range: < 1.13.54-18.40.2
- (no CPE)range: < 1.13.54-18.40.2
- (no CPE)range: < 1.13.51-21.26.4
- (no CPE)range: < 1.13.51-21.26.4
- (no CPE)range: < 1.13.54-18.40.2
- (no CPE)range: < 1.13.51-21.26.4
- (no CPE)range: < 1.13.51-21.26.4
- (no CPE)range: < 1.13.54-18.40.2
- (no CPE)range: < 1.13.51-21.26.4
- (no CPE)range: < 1.13.54-18.40.2
Patches
Vulnerability mechanics
Root cause
"A NULL pointer dereference occurs in the testcase_read function when handling specific input."
Attack vector
An attacker can trigger this vulnerability by providing specially crafted input to the libsolv library. This input causes the `testcase_read` function to dereference a NULL pointer, leading to a crash. The vulnerability is present in libsolv through version 0.7.2 [ref_id=1].
Affected code
The vulnerability resides in the `testcase_read` function located in the `ext/testcase.c` file within libsolvext.a [ref_id=1, ref_id=2].
What the fix does
The advisory indicates that an update for libsolv is available to address this issue. The specific fix involves correcting the NULL pointer dereference within the `testcase_read` function. This resolves the denial-of-service condition by ensuring proper handling of potential NULL pointers during input processing [ref_id=1].
Generated on Jun 3, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5- lists.opensuse.org/opensuse-security-announce/2019-08/msg00057.htmlmitrevendor-advisoryx_refsource_SUSE
- access.redhat.com/errata/RHSA-2019:2290mitrevendor-advisoryx_refsource_REDHAT
- usn.ubuntu.com/3916-1/mitrevendor-advisoryx_refsource_UBUNTU
- bugzilla.redhat.com/show_bug.cgimitrex_refsource_MISC
- github.com/openSUSE/libsolv/pull/291mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.