Unrated severityNVD Advisory· Published Jan 21, 2020· Updated Aug 5, 2024
CVE-2019-20387
CVE-2019-20387
Description
repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input schema.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
30- libsolv/libsolvdescription
- osv-coords28 versionspkg:rpm/suse/libsolv&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSSpkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSSpkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/libsolv&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/libsolv&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/libsolv&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/libsolv&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/libzypp&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSSpkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSSpkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/libzypp&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/libzypp&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/libzypp&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/libzypp&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
< 0.6.37-2.33.1+ 27 more
- (no CPE)range: < 0.6.37-2.33.1
- (no CPE)range: < 0.6.37-2.27.24.1
- (no CPE)range: < 0.6.37-2.33.1
- (no CPE)range: < 0.6.37-2.33.1
- (no CPE)range: < 0.6.37-2.33.1
- (no CPE)range: < 0.6.37-2.33.1
- (no CPE)range: < 0.6.37-2.33.1
- (no CPE)range: < 0.6.37-2.33.1
- (no CPE)range: < 0.6.37-2.33.1
- (no CPE)range: < 0.6.37-2.33.1
- (no CPE)range: < 0.6.37-2.33.1
- (no CPE)range: < 0.6.37-2.33.1
- (no CPE)range: < 0.6.37-2.33.1
- (no CPE)range: < 0.6.37-2.33.1
- (no CPE)range: < 16.21.4-2.51.1
- (no CPE)range: < 16.21.4-27.75.1
- (no CPE)range: < 16.21.4-2.51.1
- (no CPE)range: < 16.21.4-2.51.1
- (no CPE)range: < 16.21.4-2.51.1
- (no CPE)range: < 16.21.4-2.51.1
- (no CPE)range: < 16.21.4-2.51.1
- (no CPE)range: < 16.21.4-2.51.1
- (no CPE)range: < 16.21.4-2.51.1
- (no CPE)range: < 16.21.4-2.51.1
- (no CPE)range: < 16.21.4-2.51.1
- (no CPE)range: < 16.21.4-2.51.1
- (no CPE)range: < 16.21.4-2.51.1
- (no CPE)range: < 16.21.4-2.51.1
Patches
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
3- github.com/openSUSE/libsolv/commit/fdb9c9c03508990e4583046b590c30d958f272damitrex_refsource_MISC
- github.com/openSUSE/libsolv/compare/0.7.5...0.7.6mitrex_refsource_MISC
- lists.debian.org/debian-lts-announce/2020/01/msg00034.htmlmitremailing-listx_refsource_MLIST
News mentions
0No linked articles in our index yet.