7.8

CVE-2026-48864

Exploit

Libsolv: heap buffer overflow in libsolv repopagestore via unchecked decompression of malicious .solv page data

A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within `.solv` files due to insufficient input validation. An attacker can provide a specially crafted `.solv` file, which, when processed by a vulnerable application, can lead to out-of-bounds memory access. This could result in information disclosure, alteration of program execution, or a denial of service.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpensuseLibsolv Version0.7.36
RedhatHardened Images Version-
RedhatSatellite Version6.0
RedhatEnterprise Linux Version7.0
RedhatEnterprise Linux Version8.0
RedhatEnterprise Linux Version9.0
RedhatEnterprise Linux Version10.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.21% 0.104
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
secalert@redhat.com 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://bugzilla.redhat.com/show_bug.cgi?id=2460425
Third Party Advisory
Exploit
Issue Tracking
https://access.redhat.com/errata/RHSA-2026:21333
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:28236
https://access.redhat.com/errata/RHSA-2026:36730
https://access.redhat.com/security/cve/CVE-2026-48864
Third Party Advisory