CVE-2026-9150
MEDIUMLibsolv: stack-based buffer overflow in libsolv's debian metadata parser when handling sha384/sha512 checksums
Title source: cnaDescription
A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA384 or SHA512 checksum tags, leading to memory corruption and a denial of service (DoS) in the affected system.
References (3)
Core 3
Core References
Vdb Entry, X_Refsource_Redhat vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2026-9150
Issue Tracking, X_Refsource_Redhat issue-tracking
x_refsource_redhat
RHBZ#2460379
https://bugzilla.redhat.com/show_bug.cgi?id=2460379
Scores
CVSS v3
6.5
EPSS
0.0001
EPSS Percentile
1.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-121
Status
published
Products (8)
Red Hat/Red Hat Enterprise Linux 10
Red Hat/Red Hat Enterprise Linux 7
Red Hat/Red Hat Enterprise Linux 8
Red Hat/Red Hat Enterprise Linux 9
Red Hat/Red Hat Hardened Images
Red Hat/Red Hat OpenShift Container Platform 4
Red Hat/Red Hat Satellite 6
Red Hat/Red Hat Update Infrastructure 4 for Cloud Providers
Published
May 20, 2026
Tracked Since
May 21, 2026