CVE-2019-3817
Description
A use-after-free flaw has been discovered in libcomps before version 0.1.10 in the way ObjMRTrees are merged. An attacker, who is able to make an application read a crafted comps XML file, may be able to crash the application or execute malicious code.
Risk Information
Base Score
8.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.501
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| (RHSA-2019:3898) libcomps security update libcomps-0.1.8-13.el7.x86_64.rpm | Linux |
| (RHSA-2019:3898) libcomps security update libcomps-devel-0.1.8-13.el7.x86_64.rpm | Linux |
| (RHSA-2019:3898) libcomps security update libcomps-doc-0.1.8-13.el7.noarch.rpm | Linux |
| (RHSA-2019:3898) libcomps security update python-libcomps-doc-0.1.8-13.el7.noarch.rpm | Linux |
| (RHSA-2019:3898) libcomps security update python2-libcomps-0.1.8-13.el7.x86_64.rpm | Linux |
| (RHSA-2019:3583) yum security, bug fix, and enhancement update createrepo_c-0.11.0-3.el8.x86_64.rpm | Linux |
| (RHSA-2019:3583) yum security, bug fix, and enhancement update createrepo_c-debugsource-0.11.0-3.el8.i686.rpm | Linux |
| (RHSA-2019:3583) yum security, bug fix, and enhancement update createrepo_c-debugsource-0.11.0-3.el8.x86_64.rpm | Linux |
| (RHSA-2019:3583) yum security, bug fix, and enhancement update createrepo_c-devel-0.11.0-3.el8.i686.rpm | Linux |
| (RHSA-2019:3583) yum security, bug fix, and enhancement update createrepo_c-devel-0.11.0-3.el8.x86_64.rpm | Linux |
| (RHSA-2019:3583) yum security, bug fix, and enhancement update createrepo_c-libs-0.11.0-3.el8.i686.rpm | Linux |
| (RHSA-2019:3583) yum security, bug fix, and enhancement update createrepo_c-libs-0.11.0-3.el8.x86_64.rpm | Linux |
| (RHSA-2019:3583) yum security, bug fix, and enhancement update dnf-4.2.7-6.el8.noarch.rpm | Linux |
| (RHSA-2019:3583) yum security, bug fix, and enhancement update dnf-automatic-4.2.7-6.el8.noarch.rpm | Linux |
| (RHSA-2019:3583) yum security, bug fix, and enhancement update dnf-data-4.2.7-6.el8.noarch.rpm | Linux |
| (RHSA-2019:3583) yum security, bug fix, and enhancement update dnf-plugins-core-4.0.8-3.el8.noarch.rpm | Linux |
| (RHSA-2019:3583) yum security, bug fix, and enhancement update libcomps-0.1.11-2.el8.i686.rpm | Linux |
| (RHSA-2019:3583) yum security, bug fix, and enhancement update libcomps-0.1.11-2.el8.x86_64.rpm | Linux |
| (RHSA-2019:3583) yum security, bug fix, and enhancement update libcomps-debugsource-0.1.11-2.el8.i686.rpm | Linux |
| (RHSA-2019:3583) yum security, bug fix, and enhancement update libcomps-debugsource-0.1.11-2.el8.x86_64.rpm | Linux |
| (RHSA-2019:3583) yum security, bug fix, and enhancement update libcomps-devel-0.1.11-2.el8.i686.rpm | Linux |
| (RHSA-2019:3583) yum security, bug fix, and enhancement update libcomps-devel-0.1.11-2.el8.x86_64.rpm | Linux |
| (RHSA-2019:3583) yum security, bug fix, and enhancement update libdnf-0.35.1-8.el8.i686.rpm | Linux |
| (RHSA-2019:3583) yum security, bug fix, and enhancement update libdnf-0.35.1-8.el8.x86_64.rpm | Linux |
| (RHSA-2019:3583) yum security, bug fix, and enhancement update libdnf-debugsource-0.35.1-8.el8.i686.rpm | Linux |
| (RHSA-2019:3583) yum security, bug fix, and enhancement update libdnf-debugsource-0.35.1-8.el8.x86_64.rpm | Linux |
| (RHSA-2019:3583) yum security, bug fix, and enhancement update librepo-1.10.3-3.el8.i686.rpm | Linux |
| (RHSA-2019:3583) yum security, bug fix, and enhancement update librepo-1.10.3-3.el8.x86_64.rpm | Linux |
| (RHSA-2019:3583) yum security, bug fix, and enhancement update librepo-debugsource-1.10.3-3.el8.i686.rpm | Linux |
| (RHSA-2019:3583) yum security, bug fix, and enhancement update librepo-debugsource-1.10.3-3.el8.x86_64.rpm | Linux |
| (RHSA-2019:3583) yum security, bug fix, and enhancement update librhsm-0.0.3-3.el8.i686.rpm | Linux |
| (RHSA-2019:3583) yum security, bug fix, and enhancement update librhsm-0.0.3-3.el8.x86_64.rpm | Linux |
| (RHSA-2019:3583) yum security, bug fix, and enhancement update librhsm-debugsource-0.0.3-3.el8.i686.rpm | Linux |
| (RHSA-2019:3583) yum security, bug fix, and enhancement update librhsm-debugsource-0.0.3-3.el8.x86_64.rpm | Linux |
| (RHSA-2019:3583) yum security, bug fix, and enhancement update libsolv-0.7.4-3.el8.i686.rpm | Linux |
| (RHSA-2019:3583) yum security, bug fix, and enhancement update libsolv-0.7.4-3.el8.x86_64.rpm | Linux |
| (RHSA-2019:3583) yum security, bug fix, and enhancement update libsolv-debugsource-0.7.4-3.el8.i686.rpm | Linux |
| (RHSA-2019:3583) yum security, bug fix, and enhancement update libsolv-debugsource-0.7.4-3.el8.x86_64.rpm | Linux |
| (RHSA-2019:3583) yum security, bug fix, and enhancement update microdnf-3.0.1-3.el8.x86_64.rpm | Linux |
| (RHSA-2019:3583) yum security, bug fix, and enhancement update microdnf-debugsource-3.0.1-3.el8.x86_64.rpm | Linux |
| (RHSA-2019:3583) yum security, bug fix, and enhancement update python3-createrepo_c-0.11.0-3.el8.x86_64.rpm | Linux |
| (RHSA-2019:3583) yum security, bug fix, and enhancement update python3-dnf-4.2.7-6.el8.noarch.rpm | Linux |
| (RHSA-2019:3583) yum security, bug fix, and enhancement update python3-dnf-plugin-versionlock-4.0.8-3.el8.noarch.rpm | Linux |
| (RHSA-2019:3583) yum security, bug fix, and enhancement update python3-dnf-plugins-core-4.0.8-3.el8.noarch.rpm | Linux |
| (RHSA-2019:3583) yum security, bug fix, and enhancement update python3-hawkey-0.35.1-8.el8.x86_64.rpm | Linux |
| (RHSA-2019:3583) yum security, bug fix, and enhancement update python3-libcomps-0.1.11-2.el8.x86_64.rpm | Linux |
| (RHSA-2019:3583) yum security, bug fix, and enhancement update python3-libdnf-0.35.1-8.el8.x86_64.rpm | Linux |
| (RHSA-2019:3583) yum security, bug fix, and enhancement update python3-librepo-1.10.3-3.el8.x86_64.rpm | Linux |
| (RHSA-2019:3583) yum security, bug fix, and enhancement update yum-4.2.7-6.el8.noarch.rpm | Linux |
| (RHSA-2019:3583) yum security, bug fix, and enhancement update yum-utils-4.0.8-3.el8.noarch.rpm | Linux |
| (CESA-2019:3583) yum security, bug fix, and enhancement update createrepo_c-0.11.0-3.el8.x86_64.rpm | Linux |
| (CESA-2019:3583) yum security, bug fix, and enhancement update createrepo_c-devel-0.11.0-3.el8.i686.rpm | Linux |
| (CESA-2019:3583) yum security, bug fix, and enhancement update createrepo_c-devel-0.11.0-3.el8.x86_64.rpm | Linux |
| (CESA-2019:3583) yum security, bug fix, and enhancement update createrepo_c-libs-0.11.0-3.el8.i686.rpm | Linux |
| (CESA-2019:3583) yum security, bug fix, and enhancement update createrepo_c-libs-0.11.0-3.el8.x86_64.rpm | Linux |
| (CESA-2019:3583) yum security, bug fix, and enhancement update dnf-plugins-core-4.0.8-3.el8.noarch.rpm | Linux |
| (CESA-2019:3583) yum security, bug fix, and enhancement update libcomps-0.1.11-2.el8.i686.rpm | Linux |
| (CESA-2019:3583) yum security, bug fix, and enhancement update libcomps-0.1.11-2.el8.x86_64.rpm | Linux |
| (CESA-2019:3583) yum security, bug fix, and enhancement update libcomps-devel-0.1.11-2.el8.i686.rpm | Linux |
| (CESA-2019:3583) yum security, bug fix, and enhancement update libcomps-devel-0.1.11-2.el8.x86_64.rpm | Linux |
| (CESA-2019:3583) yum security, bug fix, and enhancement update librepo-1.10.3-3.el8.i686.rpm | Linux |
| (CESA-2019:3583) yum security, bug fix, and enhancement update librepo-1.10.3-3.el8.x86_64.rpm | Linux |
| (CESA-2019:3583) yum security, bug fix, and enhancement update librhsm-0.0.3-3.el8.i686.rpm | Linux |
| (CESA-2019:3583) yum security, bug fix, and enhancement update librhsm-0.0.3-3.el8.x86_64.rpm | Linux |
| (CESA-2019:3583) yum security, bug fix, and enhancement update libsolv-0.7.4-3.el8.i686.rpm | Linux |
| (CESA-2019:3583) yum security, bug fix, and enhancement update libsolv-0.7.4-3.el8.x86_64.rpm | Linux |
| (CESA-2019:3583) yum security, bug fix, and enhancement update microdnf-3.0.1-3.el8.x86_64.rpm | Linux |
| (CESA-2019:3583) yum security, bug fix, and enhancement update python3-createrepo_c-0.11.0-3.el8.x86_64.rpm | Linux |
| (CESA-2019:3583) yum security, bug fix, and enhancement update python3-dnf-plugin-versionlock-4.0.8-3.el8.noarch.rpm | Linux |
| (CESA-2019:3583) yum security, bug fix, and enhancement update python3-dnf-plugins-core-4.0.8-3.el8.noarch.rpm | Linux |
| (CESA-2019:3583) yum security, bug fix, and enhancement update python3-libcomps-0.1.11-2.el8.x86_64.rpm | Linux |
| (CESA-2019:3583) yum security, bug fix, and enhancement update python3-librepo-1.10.3-3.el8.x86_64.rpm | Linux |
| (CESA-2019:3583) yum security, bug fix, and enhancement update yum-utils-4.0.8-3.el8.noarch.rpm | Linux |
| (RHSA-2019:3583) Moderate: security, bug fix, and enhancement update createrepo_c-debuginfo-0.11.0-3.el8.i686.rpm | Linux |
| (RHSA-2019:3583) Moderate: security, bug fix, and enhancement update createrepo_c-debuginfo-0.11.0-3.el8.x86_64.rpm | Linux |
| (RHSA-2019:3583) Moderate: security, bug fix, and enhancement update createrepo_c-libs-debuginfo-0.11.0-3.el8.i686.rpm | Linux |
| (RHSA-2019:3583) Moderate: security, bug fix, and enhancement update createrepo_c-libs-debuginfo-0.11.0-3.el8.x86_64.rpm | Linux |
| (RHSA-2019:3583) Moderate: security, bug fix, and enhancement update libcomps-debuginfo-0.1.11-2.el8.i686.rpm | Linux |
| (RHSA-2019:3583) Moderate: security, bug fix, and enhancement update libcomps-debuginfo-0.1.11-2.el8.x86_64.rpm | Linux |
| (RHSA-2019:3583) Moderate: security, bug fix, and enhancement update libdnf-debuginfo-0.35.1-8.el8.i686.rpm | Linux |
| (RHSA-2019:3583) Moderate: security, bug fix, and enhancement update libdnf-debuginfo-0.35.1-8.el8.x86_64.rpm | Linux |
| (RHSA-2019:3583) Moderate: security, bug fix, and enhancement update librepo-debuginfo-1.10.3-3.el8.i686.rpm | Linux |
| (RHSA-2019:3583) Moderate: security, bug fix, and enhancement update librepo-debuginfo-1.10.3-3.el8.x86_64.rpm | Linux |
| (RHSA-2019:3583) Moderate: security, bug fix, and enhancement update librhsm-debuginfo-0.0.3-3.el8.i686.rpm | Linux |
| (RHSA-2019:3583) Moderate: security, bug fix, and enhancement update librhsm-debuginfo-0.0.3-3.el8.x86_64.rpm | Linux |
| (RHSA-2019:3583) Moderate: security, bug fix, and enhancement update libsolv-debuginfo-0.7.4-3.el8.i686.rpm | Linux |
| (RHSA-2019:3583) Moderate: security, bug fix, and enhancement update libsolv-debuginfo-0.7.4-3.el8.x86_64.rpm | Linux |
| (RHSA-2019:3583) Moderate: security, bug fix, and enhancement update libsolv-demo-debuginfo-0.7.4-3.el8.i686.rpm | Linux |
| (RHSA-2019:3583) Moderate: security, bug fix, and enhancement update libsolv-demo-debuginfo-0.7.4-3.el8.x86_64.rpm | Linux |
| (RHSA-2019:3583) Moderate: security, bug fix, and enhancement update libsolv-tools-debuginfo-0.7.4-3.el8.i686.rpm | Linux |
| (RHSA-2019:3583) Moderate: security, bug fix, and enhancement update libsolv-tools-debuginfo-0.7.4-3.el8.x86_64.rpm | Linux |
| (RHSA-2019:3583) Moderate: security, bug fix, and enhancement update microdnf-debuginfo-3.0.1-3.el8.x86_64.rpm | Linux |
| (RHSA-2019:3583) Moderate: security, bug fix, and enhancement update perl-solv-debuginfo-0.7.4-3.el8.i686.rpm | Linux |
| (RHSA-2019:3583) Moderate: security, bug fix, and enhancement update perl-solv-debuginfo-0.7.4-3.el8.x86_64.rpm | Linux |
| (RHSA-2019:3583) Moderate: security, bug fix, and enhancement update python3-createrepo_c-debuginfo-0.11.0-3.el8.i686.rpm | Linux |
| (RHSA-2019:3583) Moderate: security, bug fix, and enhancement update python3-createrepo_c-debuginfo-0.11.0-3.el8.x86_64.rpm | Linux |
| (RHSA-2019:3583) Moderate: security, bug fix, and enhancement update python3-hawkey-debuginfo-0.35.1-8.el8.i686.rpm | Linux |
| (RHSA-2019:3583) Moderate: security, bug fix, and enhancement update python3-hawkey-debuginfo-0.35.1-8.el8.x86_64.rpm | Linux |
| (RHSA-2019:3583) Moderate: security, bug fix, and enhancement update python3-libcomps-debuginfo-0.1.11-2.el8.i686.rpm | Linux |
| (RHSA-2019:3583) Moderate: security, bug fix, and enhancement update python3-libcomps-debuginfo-0.1.11-2.el8.x86_64.rpm | Linux |
| (RHSA-2019:3583) Moderate: security, bug fix, and enhancement update python3-libdnf-debuginfo-0.35.1-8.el8.i686.rpm | Linux |
| (RHSA-2019:3583) Moderate: security, bug fix, and enhancement update python3-libdnf-debuginfo-0.35.1-8.el8.x86_64.rpm | Linux |
| (RHSA-2019:3583) Moderate: security, bug fix, and enhancement update python3-librepo-debuginfo-1.10.3-3.el8.i686.rpm | Linux |
| (RHSA-2019:3583) Moderate: security, bug fix, and enhancement update python3-librepo-debuginfo-1.10.3-3.el8.x86_64.rpm | Linux |
| (RHSA-2019:3583) Moderate: security, bug fix, and enhancement update python3-solv-debuginfo-0.7.4-3.el8.i686.rpm | Linux |
| (RHSA-2019:3583) Moderate: security, bug fix, and enhancement update python3-solv-debuginfo-0.7.4-3.el8.x86_64.rpm | Linux |
| (RHSA-2019:3583) Moderate: security, bug fix, and enhancement update ruby-solv-debuginfo-0.7.4-3.el8.i686.rpm | Linux |
| (RHSA-2019:3583) Moderate: security, bug fix, and enhancement update ruby-solv-debuginfo-0.7.4-3.el8.x86_64.rpm | Linux |
| (RHSA-2019:3898) Moderate: security update libcomps-debuginfo-0.1.8-13.el7.x86_64.rpm | Linux |
| Createrepo_c-devel update (ELSA-2019-3583) createrepo_c-devel-0.11.0-3.el8.x86_64.rpm | Linux |
| Createrepo_c update (ELSA-2019-3583) createrepo_c-0.11.0-3.el8.x86_64.rpm | Linux |
| Createrepo_c-devel update (ELSA-2019-3583) createrepo_c-devel-0.11.0-3.el8.i686.rpm | Linux |
| Createrepo_c-libs update (ELSA-2019-3583) createrepo_c-libs-0.11.0-3.el8.i686.rpm | Linux |
| Createrepo_c-libs update (ELSA-2019-3583) createrepo_c-libs-0.11.0-3.el8.x86_64.rpm | Linux |
| Dnf update (ELSA-2019-3583) dnf-4.2.7-6.el8.noarch.rpm | Linux |
| Dnf-automatic update (ELSA-2019-3583) dnf-automatic-4.2.7-6.el8.noarch.rpm | Linux |
| Dnf-data update (ELSA-2019-3583) dnf-data-4.2.7-6.el8.noarch.rpm | Linux |
| Dnf-plugins-core update (ELSA-2019-3583) dnf-plugins-core-4.0.8-3.el8.noarch.rpm | Linux |
| Libcomps update (ELSA-2019-3583) libcomps-0.1.11-2.el8.i686.rpm | Linux |
| Libcomps update (ELSA-2019-3583) libcomps-0.1.11-2.el8.x86_64.rpm | Linux |
| Libcomps-devel update (ELSA-2019-3583) libcomps-devel-0.1.11-2.el8.i686.rpm | Linux |
| Libcomps-devel update (ELSA-2019-3583) libcomps-devel-0.1.11-2.el8.x86_64.rpm | Linux |
| Libdnf update (ELSA-2019-3583) libdnf-0.35.1-8.0.1.el8.i686.rpm | Linux |
| Libdnf update (ELSA-2019-3583) libdnf-0.35.1-8.0.1.el8.x86_64.rpm | Linux |
| Librepo update (ELSA-2019-3583) librepo-1.10.3-3.el8.i686.rpm | Linux |
| Librepo update (ELSA-2019-3583) librepo-1.10.3-3.el8.x86_64.rpm | Linux |
| Librhsm update (ELSA-2019-3583) librhsm-0.0.3-3.el8.i686.rpm | Linux |
| Librhsm update (ELSA-2019-3583) librhsm-0.0.3-3.el8.x86_64.rpm | Linux |
| Libsolv update (ELSA-2019-3583) libsolv-0.7.4-3.el8.i686.rpm | Linux |
| Libsolv update (ELSA-2019-3583) libsolv-0.7.4-3.el8.x86_64.rpm | Linux |
| Microdnf update (ELSA-2019-3583) microdnf-3.0.1-3.el8.x86_64.rpm | Linux |
| Python3-createrepo_c update (ELSA-2019-3583) python3-createrepo_c-0.11.0-3.el8.x86_64.rpm | Linux |
| Python3-dnf update (ELSA-2019-3583) python3-dnf-4.2.7-6.el8.noarch.rpm | Linux |
| Python3-dnf-plugin-versionlock update (ELSA-2019-3583) python3-dnf-plugin-versionlock-4.0.8-3.el8.noarch.rpm | Linux |
| Python3-dnf-plugins-core update (ELSA-2019-3583) python3-dnf-plugins-core-4.0.8-3.el8.noarch.rpm | Linux |
| Python3-hawkey update (ELSA-2019-3583) python3-hawkey-0.35.1-8.0.1.el8.x86_64.rpm | Linux |
| Python3-libcomps update (ELSA-2019-3583) python3-libcomps-0.1.11-2.el8.x86_64.rpm | Linux |
| Python3-libdnf update (ELSA-2019-3583) python3-libdnf-0.35.1-8.0.1.el8.x86_64.rpm | Linux |
| Python3-librepo update (ELSA-2019-3583) python3-librepo-1.10.3-3.el8.x86_64.rpm | Linux |
| Yum update (ELSA-2019-3583) yum-4.2.7-6.el8.noarch.rpm | Linux |
| Yum-utils update (ELSA-2019-3583) yum-utils-4.0.8-3.el8.noarch.rpm | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234