6.5
CVE-2026-9150
- EPSS 0.4%
- Veröffentlicht 20.05.2026 23:16:36
- Zuletzt bearbeitet 29.06.2026 17:16:30
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Libsolv: stack-based buffer overflow in libsolv's debian metadata parser when handling sha384/sha512 checksums
A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA384 or SHA512 checksum tags, leading to memory corruption and a denial of service (DoS) in the affected system.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Hardened Images Version-
Redhat ≫ Openshift Container Platform Version4.0
Redhat ≫ Update Infrastructure Version4
Redhat ≫ Enterprise Linux Version7.0
Redhat ≫ Enterprise Linux Version8.0
Redhat ≫ Enterprise Linux Version9.0
Redhat ≫ Enterprise Linux Version10.0
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.4% | 0.318 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secalert@redhat.com | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
|
CWE-121 Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
https://access.redhat.com/security/cve/CVE-2026-9150
https://bugzilla.redhat.com/show_bug.cgi?id=2460379
https://github.com/openSUSE/libsolv/pull/616
https://access.redhat.com/errata/RHSA-2026:21333
https://access.redhat.com/errata/RHSA-2026:28236
https://access.redhat.com/errata/RHSA-2026:30649