{
  "version": "1",
  "package": [
    {
      "name": "libsolv-native",
      "layer": "meta",
      "version": "0.7.28",
      "products": [
        {
          "product": "libsolv",
          "cvesInRecord": "Yes"
        }
      ],
      "issue": [
        {
          "id": "CVE-2018-20532",
          "summary": "There is a NULL pointer dereference at ext/testcase.c (function testcase_read) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service.",
          "scorev2": "4.3",
          "scorev3": "6.5",
          "scorev4": "0.0",
          "vector": "NETWORK",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "status": "Patched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2018-20532"
        },
        {
          "id": "CVE-2018-20533",
          "summary": "There is a NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service.",
          "scorev2": "4.3",
          "scorev3": "6.5",
          "scorev4": "0.0",
          "vector": "NETWORK",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "status": "Patched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2018-20533"
        },
        {
          "id": "CVE-2018-20534",
          "summary": "There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. NOTE: third parties dispute this issue stating that the issue affects the test suite and not the underlying library. It cannot be exploited in any real-world application",
          "scorev2": "4.3",
          "scorev3": "6.5",
          "scorev4": "0.0",
          "vector": "NETWORK",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "status": "Patched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2018-20534"
        },
        {
          "id": "CVE-2019-20387",
          "summary": "repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input schema.",
          "scorev2": "5.0",
          "scorev3": "7.5",
          "scorev4": "0.0",
          "vector": "NETWORK",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "status": "Patched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2019-20387"
        },
        {
          "id": "CVE-2021-3200",
          "summary": "Buffer overflow vulnerability in libsolv 2020-12-13 via the Solver * testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **resultp, int *resultflagsp function at src/testcase.c: line 2334, which could cause a denial of service",
          "scorev2": "4.3",
          "scorev3": "3.3",
          "scorev4": "0.0",
          "vector": "NETWORK",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "status": "Patched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2021-3200"
        },
        {
          "id": "CVE-2021-33928",
          "summary": "Buffer overflow vulnerability in function pool_installable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service.",
          "scorev2": "5.0",
          "scorev3": "7.5",
          "scorev4": "0.0",
          "vector": "NETWORK",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "status": "Patched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2021-33928"
        },
        {
          "id": "CVE-2021-33929",
          "summary": "Buffer overflow vulnerability in function pool_disabled_solvable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service.",
          "scorev2": "5.0",
          "scorev3": "7.5",
          "scorev4": "0.0",
          "vector": "NETWORK",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "status": "Patched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2021-33929"
        },
        {
          "id": "CVE-2021-33930",
          "summary": "Buffer overflow vulnerability in function pool_installable_whatprovides in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service.",
          "scorev2": "5.0",
          "scorev3": "7.5",
          "scorev4": "0.0",
          "vector": "NETWORK",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "status": "Patched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2021-33930"
        },
        {
          "id": "CVE-2021-33938",
          "summary": "Buffer overflow vulnerability in function prune_to_recommended in src/policy.c in libsolv before 0.7.17 allows attackers to cause a Denial of Service.",
          "scorev2": "5.0",
          "scorev3": "7.5",
          "scorev4": "0.0",
          "vector": "NETWORK",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "status": "Patched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2021-33938"
        },
        {
          "id": "CVE-2021-44568",
          "summary": "Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv through 13 Dec 2020 in the decisionmap variable via the resolve_dependencies function at src/solver.c (line 1940 & line 1995), which could cause a remote Denial of Service.",
          "scorev2": "4.3",
          "scorev3": "6.5",
          "scorev4": "0.0",
          "vector": "NETWORK",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "status": "Patched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2021-44568"
        }
      ]
    }
  ]
}