Unrated severity · OSV Advisory · Published Dec 28, 2018 · Updated Aug 5, 2024

CVE-2018-20534

Description

There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. NOTE: third parties dispute this issue, stating that the issue affects the test suite and not the underlying library. It cannot be exploited in any real-world application.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products: 86

Vulnerability mechanics

Root cause

"An illegal address access occurs in the pool_whatprovides function within libsolv."

Attack vector

The vulnerability is triggered by an illegal address access in the `pool_whatprovides` function, specifically within `src/pool.h` [ref_id=4]. This issue is noted to affect the test suite rather than the underlying library, and it is stated that it cannot be exploited in real-world applications [ref_id=2]. The specific conditions leading to this access are not detailed beyond the function name and file path.

Affected code

The vulnerability is located in the `pool_whatprovides` function within `src/pool.h` [ref_id=4]. However, the provided patch targets `ext/testcase.c`, specifically altering the logic within the `testcase_read` function [ref_id=2]. This indicates the issue is related to how test cases are processed.

What the fix does

The provided patch modifies `ext/testcase.c` by changing a condition from `!s` to `!s || pieces[1][i - 1] != ')'` [ref_id=2]. This change addresses a potential issue in how test cases are read and parsed. While the CVE description mentions `src/pool.h`, the actual fix is applied to `ext/testcase.c`, suggesting the vulnerability is related to the test suite's input handling rather than a core library function [ref_id=2].

Generated on Jun 3, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References: 7
