{"id":"CVE-2021-44568","details":"Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv through 13 Dec 2020 in the decisionmap variable via the resolve_dependencies function at src/solver.c (line 1940 & line 1995), which could cause a remote Denial of Service.","modified":"2026-03-15T22:42:24.821868Z","published":"2022-02-21T18:15:08.553Z","references":[{"type":"REPORT","url":"https://github.com/openSUSE/libsolv/issues/425"},{"type":"EVIDENCE","url":"https://github.com/yangjiageng/PoC/blob/master/libsolv-PoCs/resolve_dependencies-1940"},{"type":"EVIDENCE","url":"https://github.com/yangjiageng/PoC/blob/master/libsolv-PoCs/resolve_dependencies-1995"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/opensuse/libsolv","events":[{"introduced":"0"},{"fixed":"4bc791c0d235eb14bfe4c5da607206bfdfa6983d"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.7.17"}]}}],"versions":["0.6.10","0.6.11","0.6.12","0.6.13","0.6.14","0.6.15","0.6.16","0.6.17","0.6.18","0.6.19","0.6.20","0.6.21","0.6.22","0.6.23","0.6.24","0.6.25","0.6.26","0.6.27","0.6.28","0.6.29","0.6.30","0.6.31","0.6.32","0.6.33","0.6.34","0.6.35","0.6.4","0.6.5","0.6.6","0.6.7","0.6.8","0.6.9","0.7.0","0.7.1","0.7.10","0.7.11","0.7.12","0.7.13","0.7.14","0.7.15","0.7.16","0.7.2","0.7.3","0.7.4","0.7.5","0.7.6","0.7.7","0.7.8","0.7.9","BASE-SuSE-Code-12_1-Branch","BASE-SuSE-Code-12_2-Branch","BASE-SuSE-Code-12_3-Branch","BASE-SuSE-Code-13_1-Branch"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-44568.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}