libsolv
- >= 0.7.36
A heap buffer overflow vulnerability has been identified in libsolv, affecting several Red Hat products including Red Hat Enterprise Linux 7, 8, 9, and 10, as well as Red Hat OpenShift Container Platform 4, Red Hat Satellite 6, and Red Hat Update Infrastructure 4 for Cloud Providers. The vulnerability arises from the decompression of attacker-controlled data in .solv files, which is performed without adequate input validation. This flaw can lead to out-of-bounds memory access, potentially causing information disclosure, unauthorized alteration of program execution, or a denial-of-service condition.
Exploitation of this vulnerability causes a heap buffer overflow, allowing for out-of-bounds reads and writes. Such memory corruption could be exploited to modify the execution flow of the program or crash the application, creating a denial-of-service situation.
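The kind of validation whose absence is described above, as an added example that is not libsolv's code: a decoder that checks every length and offset taken from the input against the real buffer bounds before copying. The toy LZ-style format, the function name `checked_decompress` and the sample bytes are assumptions constructed for illustration and do not reflect the .solv page format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy LZ-style format (constructed for this example, NOT libsolv's):
 *   token <  0x80: literal run, (token + 1) raw bytes follow
 *   token >= 0x80: back-reference, copy (token & 0x7f) + 1 bytes starting
 *                  `off` bytes behind the write position; `off` is the next byte
 * Returns bytes written, or -1 if the stream would read or write out of bounds. */
long checked_decompress(const uint8_t *in, size_t in_len,
                        uint8_t *out, size_t out_cap)
{
    size_t ip = 0, op = 0;
    while (ip < in_len) {
        uint8_t token = in[ip++];
        size_t len = (size_t)(token & 0x7f) + 1;
        if (token < 0x80) {
            /* Literal: the run must fit in the remaining input and output. */
            if (len > in_len - ip || len > out_cap - op)
                return -1;
            memcpy(out + op, in + ip, len);
            ip += len;
            op += len;
        } else {
            /* Back-reference: the offset byte must be present, must point
             * into data already produced, and the copy must fit the output. */
            if (ip >= in_len)
                return -1;
            size_t off = in[ip++];
            if (off == 0 || off > op || len > out_cap - op)
                return -1;
            /* Byte-wise copy: source and destination may overlap. */
            for (size_t i = 0; i < len; i++, op++)
                out[op] = out[op - off];
        }
    }
    return (long)op;
}

int main(void)
{
    /* Constructed samples: a well-formed stream and one with a bad offset. */
    const uint8_t good[] = {0x01, 'a', 'b', 0x83, 0x02};
    const uint8_t bad[]  = {0x00, 'a', 0x80, 0x05};
    uint8_t out[16];
    printf("good -> %ld\n", checked_decompress(good, sizeof good, out, sizeof out));
    printf("bad  -> %ld\n", checked_decompress(bad, sizeof bad, out, sizeof out));
    return 0;
}
```

Without the three bounds checks, each rejected case would become an out-of-bounds read or write on the heap, which is the condition AddressSanitizer reports.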
The vulnerability can be reproduced by building libsolv with AddressSanitizer enabled, preparing a .solv file with malicious compressed page data, and then loading this file through the normal parsing process. This will trigger a heap-buffer-overflow error, which can be observed as a crash or an invalid memory read.