CVE-2021-3200: Buffer Overflow
Buffer overflow vulnerability in libsolv 2020-12-13 via the `Solver *testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **resultp, int *resultflagsp)` function at src/testcase.c: line 2334, which could cause a denial of service.
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2021-3200.
What is the title of the vulnerability?
The title of the vulnerability is 'Libsolv is vulnerable to a denial of service caused by a buffer overflow in the testcase_read function.'
What is the severity of CVE-2021-3200?
The severity of CVE-2021-3200 is low with a CVSS score of 3.3.
Which software is affected by CVE-2021-3200?
Libsolv version 0.7.17 and IBM QRadar SIEM versions 7.5.0 GA, 7.4.3 GA - 7.4.3 FP4, and 7.3.3 GA - 7.3.3 FP10 are affected by CVE-2021-3200.
How can I fix CVE-2021-3200 in Libsolv?
Update Libsolv to version 0.7.17.
How can I fix CVE-2021-3200 in IBM QRadar SIEM 7.5.0 GA?
Apply the patch available at: https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=All&platform=Linux&function=fixId&fixids=7.5.0-QRADAR-QRSIEM-20220215133427&includeRequisites=1&includeSupersedes=0&downloadMethod=http&login=true
How can I fix CVE-2021-3200 in IBM QRadar SIEM 7.4.3 GA - 7.4.3 FP4?
Apply the patch available at: https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=All&platform=Linux&function=fixId&fixids=7.4.3-QRADAR-QRSIEM-20220307203834&includeRequisites=1&includeSupersedes=0&downloadMethod=http
How can I fix CVE-2021-3200 in IBM QRadar SIEM 7.3.3 GA - 7.3.3 FP10?
Apply the patch available at: https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+Vulnerability+Manager&release=All&platform=All&function=fixId&fixids=7.3.3-QRADAR-QRSIEM-20220318161607&includeRequisites=1&includeSupersedes=0&downloadMethod=http&source=SAR
What is the Common Weakness Enumeration (CWE) ID associated with CVE-2021-3200?
The CWE ID associated with CVE-2021-3200 is CWE-119.
Where can I find more information about CVE-2021-3200?
You can find more information about CVE-2021-3200 at the following references: [github.com/openSUSE/libsolv/issues/416](https://github.com/openSUSE/libsolv/issues/416), [bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1962308](https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1962308), [github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec](https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec).