Unrated severityOSV Advisory· Published Dec 28, 2018· Updated Aug 5, 2024

CVE-2018-20533

Description

There is a NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

OpenSUSE/LibsolvOSV2 versions
0.6.10, 0.6.11, 0.6.12, …+ 1 more
- (no CPE)range: 0.6.10, 0.6.11, 0.6.12, …
- (no CPE)range: <=0.7.2
osv-coords85 versions
pkg:rpm/opensuse/libsolv&distro=openSUSE%20Leap%2015.0 pkg:rpm/opensuse/libyui-ncurses-pkg&distro=openSUSE%20Leap%2015.0 pkg:rpm/opensuse/libyui-qt-pkg&distro=openSUSE%20Leap%2015.0 pkg:rpm/opensuse/libzypp&distro=openSUSE%20Leap%2015.0 pkg:rpm/opensuse/PackageKit&distro=openSUSE%20Leap%2015.0 pkg:rpm/opensuse/yast2-pkg-bindings&distro=openSUSE%20Leap%2015.0 pkg:rpm/opensuse/zypper&distro=openSUSE%20Leap%2015.0 pkg:rpm/suse/libsolv&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/libsolv&distro=SUSE%20Enterprise%20Storage%204 pkg:rpm/suse/libsolv&distro=SUSE%20Enterprise%20Storage%205 pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4 pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015 pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1 pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015 pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP1 pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP1 pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4 pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4 pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/libsolv&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/libsolv&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/libsolv&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/libsolv&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/libsolv&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/libyui-ncurses-pkg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015 pkg:rpm/suse/libyui-ncurses-pkg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1 pkg:rpm/suse/libyui-ncurses-pkg-doc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015 pkg:rpm/suse/libyui-ncurses-pkg-doc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1 pkg:rpm/suse/libyui-qt-pkg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015 pkg:rpm/suse/libyui-qt-pkg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1 pkg:rpm/suse/libyui-qt-pkg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015 pkg:rpm/suse/libyui-qt-pkg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1 pkg:rpm/suse/libyui-qt-pkg-doc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015 pkg:rpm/suse/libyui-qt-pkg-doc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1 pkg:rpm/suse/libzypp&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/libzypp&distro=SUSE%20Enterprise%20Storage%204 pkg:rpm/suse/libzypp&distro=SUSE%20Enterprise%20Storage%205 pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4 pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015 pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1 pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4 pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4 pkg:rpm/suse/libzypp&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/libzypp&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/libzypp&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/PackageKit&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015 pkg:rpm/suse/PackageKit&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1 pkg:rpm/suse/PackageKit&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015 pkg:rpm/suse/PackageKit&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP1 pkg:rpm/suse/yast2-pkg-bindings&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015 pkg:rpm/suse/yast2-pkg-bindings&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1 pkg:rpm/suse/zypper&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/zypper&distro=SUSE%20Enterprise%20Storage%204 pkg:rpm/suse/zypper&distro=SUSE%20Enterprise%20Storage%205 pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4 pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015 pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1 pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4 pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/zypper&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/zypper&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/zypper&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208
< 0.7.5-lp150.7.1+ 84 more
- (no CPE)range: < 0.7.5-lp150.7.1
- (no CPE)range: < 2.48.5.2-lp150.7.1
- (no CPE)range: < 2.45.15.2-lp150.7.1
- (no CPE)range: < 17.12.0-lp150.2.13.1
- (no CPE)range: < 1.1.10-lp150.11.1
- (no CPE)range: < 4.0.13-lp150.2.13.1
- (no CPE)range: < 1.14.28-lp150.2.13.1
- (no CPE)range: < 0.6.36-2.27.19.8
- (no CPE)range: < 0.6.36-2.27.19.8
- (no CPE)range: < 0.6.36-2.16.2
- (no CPE)range: < 0.6.36-2.16.2
- (no CPE)range: < 0.7.5-3.12.2
- (no CPE)range: < 0.7.6-3.7.2
- (no CPE)range: < 0.7.5-3.12.2
- (no CPE)range: < 0.7.6-3.7.2
- (no CPE)range: < 0.7.6-3.7.2
- (no CPE)range: < 0.6.36-2.27.19.8
- (no CPE)range: < 0.6.36-2.27.19.8
- (no CPE)range: < 0.6.36-2.27.19.8
- (no CPE)range: < 0.6.36-2.16.2
- (no CPE)range: < 0.6.36-2.16.2
- (no CPE)range: < 0.6.36-2.30.1
- (no CPE)range: < 0.6.36-2.30.1
- (no CPE)range: < 0.6.36-2.27.19.8
- (no CPE)range: < 0.6.36-2.16.2
- (no CPE)range: < 0.6.36-2.16.2
- (no CPE)range: < 0.6.36-2.30.1
- (no CPE)range: < 0.6.36-2.16.2
- (no CPE)range: < 0.6.36-2.30.1
- (no CPE)range: < 0.6.36-2.27.19.8
- (no CPE)range: < 0.6.36-2.16.2
- (no CPE)range: < 0.6.36-2.30.1
- (no CPE)range: < 0.6.36-2.27.19.8
- (no CPE)range: < 0.6.36-2.30.1
- (no CPE)range: < 2.48.5.2-3.5.2
- (no CPE)range: < 2.48.9-7.3.5
- (no CPE)range: < 2.48.5.2-3.5.3
- (no CPE)range: < 2.48.9-7.3.3
- (no CPE)range: < 2.45.15.2-3.5.3
- (no CPE)range: < 2.45.27-3.3.5
- (no CPE)range: < 2.45.15.2-3.5.3
- (no CPE)range: < 2.45.27-3.3.5
- (no CPE)range: < 2.45.15.2-3.5.3
- (no CPE)range: < 2.45.27-3.3.3
- (no CPE)range: < 16.20.2-27.60.4
- (no CPE)range: < 16.20.2-27.60.4
- (no CPE)range: < 16.20.0-2.39.4
- (no CPE)range: < 16.20.0-2.39.4
- (no CPE)range: < 17.12.0-3.23.6
- (no CPE)range: < 17.15.0-3.9.1
- (no CPE)range: < 16.20.2-27.60.4
- (no CPE)range: < 16.20.2-27.60.4
- (no CPE)range: < 16.20.2-27.60.4
- (no CPE)range: < 16.20.0-2.39.4
- (no CPE)range: < 16.20.0-2.39.4
- (no CPE)range: < 16.20.2-27.60.4
- (no CPE)range: < 16.20.0-2.39.4
- (no CPE)range: < 16.20.0-2.39.4
- (no CPE)range: < 16.20.0-2.39.4
- (no CPE)range: < 16.20.2-27.60.4
- (no CPE)range: < 16.20.0-2.39.4
- (no CPE)range: < 16.20.2-27.60.4
- (no CPE)range: < 1.1.10-4.10.4
- (no CPE)range: < 1.1.10-12.3.5
- (no CPE)range: < 1.1.10-4.10.4
- (no CPE)range: < 1.1.10-12.3.5
- (no CPE)range: < 4.0.13-3.7.2
- (no CPE)range: < 4.1.2-3.3.5
- (no CPE)range: < 1.13.54-18.40.2
- (no CPE)range: < 1.13.54-18.40.2
- (no CPE)range: < 1.13.51-21.26.4
- (no CPE)range: < 1.13.51-21.26.4
- (no CPE)range: < 1.14.28-3.18.6
- (no CPE)range: < 1.14.30-3.7.2
- (no CPE)range: < 1.13.54-18.40.2
- (no CPE)range: < 1.13.54-18.40.2
- (no CPE)range: < 1.13.54-18.40.2
- (no CPE)range: < 1.13.51-21.26.4
- (no CPE)range: < 1.13.51-21.26.4
- (no CPE)range: < 1.13.54-18.40.2
- (no CPE)range: < 1.13.51-21.26.4
- (no CPE)range: < 1.13.51-21.26.4
- (no CPE)range: < 1.13.54-18.40.2
- (no CPE)range: < 1.13.51-21.26.4
- (no CPE)range: < 1.13.54-18.40.2

Patches

Vulnerability mechanics

Root cause

"A NULL pointer dereference occurs in the testcase_str2dep_complex function when processing dependency strings."

Attack vector

An attacker can trigger this vulnerability by providing a specially crafted dependency string to the libsolv library. This input is processed by the `testcase_str2dep_complex` function, leading to a NULL pointer dereference. The vulnerability is present in libsolv through version 0.7.2 [ref_id=1].

Affected code

The vulnerability resides within the `testcase_str2dep_complex` function, located in the `ext/testcase.c` file within the libsolv library [ref_id=1]. This function is responsible for parsing and handling complex dependency strings.

What the fix does

The advisory indicates that an update for libsolv is available to address this issue [ref_id=1]. While the specific code changes are not detailed in the provided Red Hat advisory, the update is intended to resolve the NULL pointer dereference vulnerability in the `testcase_str2dep_complex` function.

Preconditions

inputThe attacker must be able to provide a malformed dependency string as input to the libsolv library.
configThe vulnerable version of libsolv (through 0.7.2) must be in use.

Generated on Jun 3, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

lists.opensuse.org/opensuse-security-announce/2019-08/msg00057.htmlmitrevendor-advisoryx_refsource_SUSE
access.redhat.com/errata/RHSA-2019:2290mitrevendor-advisoryx_refsource_REDHAT
usn.ubuntu.com/3916-1/mitrevendor-advisoryx_refsource_UBUNTU
bugzilla.redhat.com/show_bug.cgimitrex_refsource_MISC
github.com/openSUSE/libsolv/pull/291mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000