There is an illegal address access at src/pool.h (function pool_whatprovides) in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. https://nvd.nist.gov/vuln/detail/CVE-2018-20534