6.5

CVE-2026-9150

Libsolv: stack-based buffer overflow in libsolv's debian metadata parser when handling sha384/sha512 checksums

A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA384 or SHA512 checksum tags, leading to memory corruption and a denial of service (DoS) in the affected system.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpensuseLibsolv Version <= 0.7.36
RedhatHardened Images Version-
RedhatSatellite Version6.0
RedhatEnterprise Linux Version7.0
RedhatEnterprise Linux Version8.0
RedhatEnterprise Linux Version9.0
RedhatEnterprise Linux Version10.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.4% 0.318
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
secalert@redhat.com 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

https://access.redhat.com/security/cve/CVE-2026-9150
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2460379
Third Party Advisory
Issue Tracking
https://github.com/openSUSE/libsolv/pull/616
Patch
Issue Tracking
https://access.redhat.com/errata/RHSA-2026:21333
https://access.redhat.com/errata/RHSA-2026:28236
https://access.redhat.com/errata/RHSA-2026:30649