Description
A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size values in the `repo_add_solv` function. This leads to an undersized memory allocation and a subsequent out-of-bounds write. An attacker could exploit this to cause a denial of service (DoS).
Published: 2026-05-20
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

libsolv contains a heap buffer overflow in the repo_add_solv function. A specially crafted .solv file that carries a negative size value can cause the function to allocate less memory than required, leading to an out-of-bounds write. An attacker can leverage this flaw to crash the application or the host system, resulting in a denial of service. The weakness is a classic heap-based buffer overflow (CWE-122).
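The bug class the description and the Impact paragraph above refer to, a signed size field read from an untrusted file and trusted before allocation, as an added illustration that is not libsolv's code; the record layout (a little-endian int32 size followed by the payload), the limit MAX_RECORD_BYTES, and the sample inputs are assumptions, not the .solv format:

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Result codes returned by the bounded reader. */
enum { REC_OK = 0, REC_TRUNCATED = 1, REC_NEGATIVE_SIZE = 2, REC_TOO_LARGE = 3 };
/* Largest record we are willing to allocate for (assumed policy limit). */
#define MAX_RECORD_BYTES (64 * 1024)

/* Decode a little-endian signed 32-bit size field as an untrusted file carries it. */
static int32_t read_le32(const unsigned char *p) {
    return (int32_t)((uint32_t)p[0] | ((uint32_t)p[1] << 8) |
                     ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24));
}
/* Upper-bound-only check: -1 > limit is false, so a negative size is accepted (returns 1).
 * This is the shape of check that lets a crafted size reach the allocator. */
int weak_size_check(int32_t size) { return size > MAX_RECORD_BYTES ? 0 : 1; }
/* Corrected check: reject negatives before any arithmetic or allocation uses the value. */
int strict_size_check(int32_t size) { return (size < 0 || size > MAX_RECORD_BYTES) ? 0 : 1; }

/* Parse one hypothetical record [int32 size][size payload bytes] from buf.
 * On REC_OK, *out holds a malloc'd copy of exactly `size` bytes and *out_len == size. */
int parse_record(const unsigned char *buf, size_t buf_len,
                 unsigned char **out, size_t *out_len) {
    if (buf_len < 4) return REC_TRUNCATED;
    int32_t size = read_le32(buf);
    if (size < 0) return REC_NEGATIVE_SIZE;                 /* the check the flaw lacks */
    if ((size_t)size > MAX_RECORD_BYTES) return REC_TOO_LARGE;
    if ((size_t)size > buf_len - 4) return REC_TRUNCATED;   /* payload must fit the input */
    unsigned char *copy = malloc((size_t)size + 1);         /* +1 keeps size 0 well defined */
    if (!copy) return REC_TOO_LARGE;                        /* allocation refused */
    memcpy(copy, buf + 4, (size_t)size);                    /* bounded by the validated size */
    *out = copy;
    *out_len = (size_t)size;
    return REC_OK;
}

/* Run the parser over constructed sample inputs (not real .solv data); returns the code. */
int demo_parse(int which) {
    static const unsigned char good[]  = {3, 0, 0, 0, 'a', 'b', 'c'};     /* size = 3 */
    static const unsigned char neg[]   = {0xff, 0xff, 0xff, 0xff, 'a'};   /* size = -1 */
    static const unsigned char trunc[] = {9, 0, 0, 0, 'a'};               /* size = 9, 1 byte */
    const unsigned char *buf = which == 0 ? good : which == 1 ? neg : trunc;
    size_t len = which == 0 ? sizeof good : which == 1 ? sizeof neg : sizeof trunc;
    unsigned char *out = NULL;
    size_t out_len = 0;
    int rc = parse_record(buf, len, &out, &out_len);
    free(out);
    return rc;
}
```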

Affected Systems

The vulnerability affects Red Hat products that incorporate libsolv, including RHEL 10, RHEL 7, RHEL 8, RHEL 9, Red Hat Hardened Images, Red Hat OpenShift Container Platform 4, Red Hat Satellite 6, and Red Hat Update Infrastructure 4 for Cloud Providers. All versions using the affected libsolv code are potentially impacted; the specific version numbers are not listed in the data provided.

Risk and Exploitability

The CVSS score of 6.5 indicates a moderate severity. The EPSS score is not available, so a precise exploitation likelihood cannot be pinpointed, but the lack of a mitigating factor and the nature of the flaw suggest that an attacker could remotely trigger the overflow by supplying a malicious .solv file from an untrusted source. The vulnerability is not listed in CISA’s KEV catalog, implying that no confirmed exploits are known, yet the risk remains because any application that loads untrusted .solv files could be compromised.

Generated by OpenCVE AI on May 21, 2026 at 00:20 UTC.

Remediation

Vendor Workaround

To mitigate this issue, avoid processing untrusted `.solv` files with libsolv or any applications that consume `.solv` input. Ensure that all `.solv` data processed by the system originates from trusted sources only.


OpenCVE Recommended Actions

  • Upgrade libsolv or the affected product to a version that contains the fix for the heap buffer overflow.
  • Configure the system to process .solv files only from trusted sources, rejecting or quarantining any that come from external or unknown origins.
  • Restrict access to the utility or API that accepts .solv input, ensuring that only privileged or trusted processes can invoke it.

Generated by OpenCVE AI on May 21, 2026 at 00:20 UTC.


Advisories

No advisories yet.

History

Thu, 21 May 2026 13:15:00 +0000

Type: Metrics (ssvc)
Values Added: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 21 May 2026 08:45:00 +0000

Type: First Time appeared
Values Added: Opensuse; Opensuse libsolv; Red Hat; Red Hat red Hat Satellite 6; Redhat hardened Images; Redhat openshift Container Platform; Redhat rsatellite; Redhat update Infrastructure

Type: Vendors & Products
Values Added: Opensuse; Opensuse libsolv; Red Hat; Red Hat red Hat Satellite 6; Redhat hardened Images; Redhat openshift Container Platform; Redhat rsatellite; Redhat update Infrastructure

Thu, 21 May 2026 00:15:00 +0000

Type: References

Type: Metrics (threat_severity)
Values Removed: None
Values Added: Moderate


Wed, 20 May 2026 23:45:00 +0000

Type: Description
Values Added: A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size values in the `repo_add_solv` function. This leads to an undersized memory allocation and a subsequent out-of-bounds write. An attacker could exploit this to cause a denial of service (DoS).

Type: Title
Values Added: Libsolv: heap buffer overflow in libsolv repo_add_solv via negative maxsize from crafted .solv file

Type: First Time appeared
Values Added: Redhat; Redhat enterprise Linux; Redhat hummingbird; Redhat openshift; Redhat rhui; Redhat satellite

Type: Weaknesses
Values Added: CWE-122

Type: CPEs
Values Added:
cpe:/a:redhat:hummingbird:1
cpe:/a:redhat:openshift:4
cpe:/a:redhat:rhui:4::el8
cpe:/a:redhat:satellite:6
cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9

Type: Vendors & Products
Values Added: Redhat; Redhat enterprise Linux; Redhat hummingbird; Redhat openshift; Redhat rhui; Redhat satellite

Type: References

Type: Metrics (cvssV3_1)
Values Added: {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-05-21T18:39:41.665Z

Reserved: 2026-05-20T22:08:56.611Z

Link: CVE-2026-9149

Vulnrichment

Updated: 2026-05-21T12:22:23.555Z

NVD

Status: Awaiting Analysis

Published: 2026-05-21T00:16:35.630

Modified: 2026-05-21T15:26:35.653

Link: CVE-2026-9149

Redhat

Severity: Moderate

Public Date: 2026-05-20T22:19:32Z

Links: CVE-2026-9149 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-21T08:18:34Z

Weaknesses