libsolv Stack-Based Buffer Overflow Vulnerability in Debian Metadata Parser

Vulnerability

A stack-based buffer overflow vulnerability has been identified in libsolv's Debian metadata parser. This flaw occurs when the parser processes specially crafted Debian repository metadata containing malicious SHA384 or SHA512 checksum tags. The vulnerability leads to memory corruption and a denial-of-service condition on the affected system.

Impact

Exploitation of this vulnerability causes a stack-based buffer overflow, leading to memory corruption. This type of buffer overflow typically allows for arbitrary code execution, although such exploitation has not been demonstrated in this case. The vulnerability can also cause a denial-of-service by crashing the application or consuming excessive system resources.

Reproduction

The vulnerability can be reproduced by building libsolv with AddressSanitizer enabled, creating a Debian metadata file that includes malicious SHA512 checksum data, and then processing this file with a libsolv tool that ingests Debian metadata. AddressSanitizer reports a stack-buffer-overflow error, confirming that the vulnerable code path has been triggered.

Remediation

To mitigate this vulnerability, it is recommended to only process trusted and cryptographically signed Debian repository metadata. Avoid handling untrusted 'Packages' files until the vulnerability has been addressed.
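As an added illustration of the input validation a Debian metadata parser needs for this class of bug, the following C function checks a SHA384 or SHA512 checksum field against the digest length its tag implies before copying a single byte into a fixed-size buffer. This is example code written for this page, not libsolv's code; the function name, the constructed sample lines and the buffer sizes are assumptions.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical hardened checksum-field parser (not libsolv's code). */
#define SHA384_HEX_LEN 96   /* 48-byte digest as hex */
#define SHA512_HEX_LEN 128  /* 64-byte digest as hex */
#define MAX_DIGEST_HEX SHA512_HEX_LEN

/* Parse a "SHA384: <hex>" or "SHA512: <hex>" line into out (capacity outsz).
 * Returns the digest length in hex chars, or -1 for an unknown tag, a value
 * whose length does not match the tag, a non-hex character, or a buffer that
 * is too small. The length is checked before any copy, so an oversized value
 * is rejected rather than written past the end of a fixed stack buffer. */
int parse_checksum_line(const char *line, char *out, size_t outsz)
{
    size_t want, n;
    const char *p;

    if (strncmp(line, "SHA384:", 7) == 0)
        want = SHA384_HEX_LEN;
    else if (strncmp(line, "SHA512:", 7) == 0)
        want = SHA512_HEX_LEN;
    else
        return -1;
    p = line + 7;
    while (*p == ' ' || *p == '\t')
        p++;
    n = strcspn(p, "\r\n");            /* value runs to end of line */
    if (n != want || outsz < want + 1)
        return -1;
    for (size_t i = 0; i < n; i++)
        if (!isxdigit((unsigned char)p[i]))
            return -1;
    memcpy(out, p, n);
    out[n] = '\0';
    return (int)n;
}

/* Constructed sample input (not from any real repository): a well-formed
 * SHA512 line must be accepted, an oversized 200-character value rejected.
 * Returns 1 when both behave as expected. */
int check_samples(void)
{
    char line[256], out[MAX_DIGEST_HEX + 1];
    memset(line, 0, sizeof line);
    memcpy(line, "SHA512: ", 8);
    memset(line + 8, 'a', SHA512_HEX_LEN);
    int ok = parse_checksum_line(line, out, sizeof out) == SHA512_HEX_LEN;
    memset(line + 8, 'a', 200);
    line[208] = '\n';
    int rej = parse_checksum_line(line, out, sizeof out) == -1;
    return ok && rej;
}
```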

Added: May 20, 2026, 11:20 PM
Updated: May 20, 2026, 11:20 PM

Vulnerability Rating

Custom Algorithm
spread: 7.8
impact: 3.1
exploitability: 5.8
remediation: 7.9
relevance: 8.9
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.