CVE-2021-33928
📋 TL;DR
A buffer overflow in libsolv's pool_installable function lets an attacker crash applications that use the library, causing a denial of service. This affects systems that use libsolv for package dependency resolution, in particular package managers on Linux distributions. The vulnerability is triggered when specially crafted repository metadata is processed.
💻 Affected Systems
- libsolv
- applications using libsolv library
- package managers like DNF, Zypper, libdnf
📦 What is this software?
libsolv by openSUSE
⚠️ Risk & Real-World Impact
Worst Case
Complete system instability or crash of package management tools, potentially preventing software installation/updates and requiring manual recovery.
Likely Case
Denial of Service through application crash when processing malicious repository data, disrupting package management operations.
If Mitigated
Limited impact with proper network controls and repository validation, potentially causing only temporary service disruption.
🎯 Exploit Status
Exploitation requires ability to feed malicious repository data to vulnerable applications, which could be achieved through repository compromise or network interception.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: libsolv 0.7.17 and later
Vendor Advisory: https://github.com/openSUSE/libsolv/issues/417
Restart Required: No
Instructions:
1. Update the libsolv package to version 0.7.17 or later using your distribution's package manager.
2. For example: 'sudo dnf update libsolv' (Fedora/RHEL) or 'sudo zypper update libsolv' (openSUSE).
3. Rebuild any statically linked applications against the patched library.
🔧 Temporary Workarounds
Repository Validation
Validate repository metadata integrity and use only trusted repositories
# Use GPG-signed repositories only
# Verify repository signatures before use
Network Controls
Restrict network access to package repositories and use internal mirrors
# Configure firewall to restrict repository access
# Use local repository mirrors with validated content
🧯 If You Can't Patch
- Isolate systems from untrusted networks and repositories
- Implement strict repository validation and use only signed, verified repositories
🔍 How to Verify
Check if Vulnerable:
Check the installed libsolv version with 'rpm -q libsolv' or 'dpkg -l libsolv*'; the system is vulnerable if the version is below 0.7.17.
Check Version:
rpm -q libsolv        # RHEL/Fedora/SUSE
dpkg -l libsolv*      # Debian/Ubuntu
Verify Fix Applied:
Verify that the libsolv version is 0.7.17 or higher: 'rpm -q libsolv | grep 0.7.1[7-9]' or check the package version in your package manager. Note that this grep pattern only matches 0.7.17 through 0.7.19; later fixed releases such as 0.7.20 will not match, and distributions may backport the fix without changing the upstream version number, so consult the distribution's package changelog when in doubt.
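The version check above relies on a digit pattern that misses 0.7.20 and later. As an added example that is not part of this advisory or of the libsolv project, the following POSIX shell script compares an installed version against the fixed release 0.7.17 with a real version sort, parses 'rpm -q' and 'dpkg-query -W' output, and reports VULNERABLE, FIXED or UNKNOWN. It assumes a 'sort' that supports '-V' (GNU coreutils or BSD); the package lines it runs on at the bottom are constructed samples, and the 'check_installed' function is the one to call on a real host.

```shell
#!/bin/sh
# Added example, not part of the advisory or of the libsolv project.
# Compares an installed libsolv version against the fixed release 0.7.17
# using a real version sort, so that 0.7.20 or 0.7.100 is correctly seen
# as fixed (a regex such as 0.7.1[7-9] would miss them).
# Assumes 'sort -V' is available; the sample lines below are constructed.

FIXED_VERSION="0.7.17"

# libsolv_vulnerable VERSION
#   returns 0 (true) when VERSION sorts strictly below 0.7.17, else 1
libsolv_vulnerable() {
    v="$1"
    # whichever of the two sorts first is the older version
    lowest=$(printf '%s\n%s\n' "$v" "$FIXED_VERSION" | sort -V | head -n 1)
    if [ "$lowest" = "$v" ] && [ "$v" != "$FIXED_VERSION" ]; then
        return 0
    fi
    return 1
}

# extract_version LINE
#   pulls the first x.y.z version out of an 'rpm -q' or 'dpkg-query -W'
#   line, e.g. "libsolv-0.7.16-1.fc33.x86_64" -> 0.7.16
extract_version() {
    printf '%s\n' "$1" |
        sed -n 's/.*[- ]\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# classify LINE
#   prints "VULNERABLE <ver>", "FIXED <ver>" or "UNKNOWN (...)"
classify() {
    ver=$(extract_version "$1")
    if [ -z "$ver" ]; then
        echo "UNKNOWN (no version found in: $1)"
    elif libsolv_vulnerable "$ver"; then
        echo "VULNERABLE $ver"
    else
        echo "FIXED $ver"
    fi
}

# check_installed
#   queries whichever package manager is present on this host; note that a
#   distribution may have backported the fix without bumping the version
check_installed() {
    if command -v rpm >/dev/null 2>&1; then
        classify "$(rpm -q libsolv 2>/dev/null)"
    elif command -v dpkg-query >/dev/null 2>&1; then
        classify "$(dpkg-query -W -f='${Package} ${Version}\n' 'libsolv*' 2>/dev/null | head -n 1)"
    else
        echo "UNKNOWN (neither rpm nor dpkg-query found)"
    fi
}

# Constructed sample package lines (not taken from a real host)
for line in \
    "libsolv-0.7.16-1.fc33.x86_64" \
    "libsolv-0.7.17-1.x86_64" \
    "libsolv1 0.7.20-2"
do
    classify "$line"
done
```

Run it as-is to see the three constructed samples classified, or source it and call 'check_installed' on a host to classify the package that is actually installed.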
📡 Detection & Monitoring
Log Indicators:
- Package manager crashes or segmentation faults
- Unexpected termination of applications using libsolv
- Repository synchronization failures
Network Indicators:
- Unusual repository traffic patterns
- Connections to untrusted repository sources
SIEM Query:
process.name: ("dnf" OR "zypper" OR "packagekitd") AND event.action: crash
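The SIEM query and log indicators above assume the crash events have already been normalized. As an added example that is not part of this advisory, the following POSIX shell script applies the same logic to raw kernel and systemd-coredump log text: it keeps only the segfault and "dumped core" lines for the dnf, zypper and packagekitd processes named on this page and counts them. The log lines at the bottom are constructed samples, not captured from a real system; on a real host you would pipe 'journalctl -k' or 'dmesg' output into 'detect_libsolv_crashes' instead.

```shell
#!/bin/sh
# Added example, not part of the advisory: the "Log Indicators" and SIEM
# query applied to local kernel/journal text. Matches the kernel's segfault
# line and systemd-coredump's "dumped core" line for the package manager
# processes named on this page. Sample log lines below are constructed.

# detect_libsolv_crashes
#   reads log text on stdin, prints only the lines that indicate a crash of
#   dnf, zypper or packagekitd (other processes' crashes are ignored)
detect_libsolv_crashes() {
    awk '
        # kernel: "dnf[1234]: segfault at ... in libsolv.so.1[...]"
        /(dnf|zypper|packagekitd)\[[0-9]+\]: segfault at / { print; next }
        # systemd-coredump: "Process 1234 (zypper) of user 0 dumped core."
        /Process [0-9]+ \((dnf|zypper|packagekitd)\) of user [0-9]+ dumped core/ { print; next }
    '
}

# count_libsolv_crashes
#   same input, prints the number of matching lines
count_libsolv_crashes() {
    detect_libsolv_crashes | awk 'END { print NR }'
}

# Constructed sample: two package manager crashes among ordinary noise
SAMPLE_LOG='Mar 01 10:00:01 host kernel: dnf[4321]: segfault at 0 ip 00007f1e2c3d4e5f sp 00007ffd1a2b3c4d error 4 in libsolv.so.1[7f1e2c3a0000+90000]
Mar 01 10:00:02 host dnf[4322]: Metadata cache refreshed recently.
Mar 01 10:01:10 host systemd-coredump[4400]: Process 4390 (zypper) of user 0 dumped core.
Mar 01 10:02:00 host kernel: firefox[5000]: segfault at 8 ip 0000555555555555 sp 00007ffe00000000 error 4 in firefox[555555550000+1000]
Mar 01 10:03:00 host packagekitd[4500]: daemon quit'

printf '%s\n' "$SAMPLE_LOG" | detect_libsolv_crashes
echo "crash lines: $(printf '%s\n' "$SAMPLE_LOG" | count_libsolv_crashes)"
```

A segfault of a package manager is not by itself proof of this CVE, but a crash inside libsolv.so right after a repository refresh is exactly the pattern the indicators above describe, so such lines are worth correlating with the repository the process was talking to at the time.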