Description
A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA384 or SHA512 checksum tags, leading to memory corruption and a denial of service (DoS) in the affected system.
Published: 2026-05-20
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Libsolv contains a stack‑based buffer overflow in its Debian metadata parser when processing SHA384 or SHA512 checksum tags. The flaw can lead to memory corruption that may crash the process, resulting in a denial of service. The weakness is a classic stack overflow (CWE‑121) affecting the handling of repository metadata.

Affected Systems

The vulnerability impacts all Red Hat distributions that incorporate libsolv, including Red Hat Enterprise Linux 10, 7, 8, 9, Red Hat Hardened Images, Red Hat OpenShift Container Platform 4, Red Hat Satellite 6, and Red Hat Update Infrastructure 4 for Cloud Providers. Any system that consumes Debian repository metadata using libsolv is affected, with no specific product version constraints given in the advisory.

Risk and Exploitability

The CVSS score of 6.5 indicates moderate severity, and the vulnerability is not currently listed in CISA’s KEV catalog, nor is there an EPSS score available. Attackers likely need to control or influence a Debian repository fed to the vulnerable system; by delivering a specially crafted Packages file containing malicious SHA384/512 checksums, they can trigger the overflow and crash the parser, leading to a denial of service. No exploit code is disclosed, but the path to crash is clear if the attacker can supply the metadata.

Generated by OpenCVE AI on May 21, 2026 at 00:21 UTC.

Remediation

Vendor Workaround

To mitigate this issue, ensure that libsolv only processes trusted and cryptographically signed Debian repository metadata. Avoid ingesting or processing `Packages` files from untrusted or unverified sources.

OpenCVE Recommended Actions

  • Update libsolv to the latest Red Hat‑approved version that includes the buffer‑overflow fix.
  • Configure your systems to accept only cryptographically signed Debian repository metadata, rejecting any unsigned or unverified Packages files.
  • Avoid ingesting or processing Debian Packages files from untrusted or unverified sources to reduce the risk of the overflow occurring.

Generated by OpenCVE AI on May 21, 2026 at 00:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 21 May 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 21 May 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Red Hat
Red Hat red Hat Satellite 6
Redhat hardened Images
Redhat openshift Container Platform
Redhat update Infrastructure
Vendors & Products Red Hat
Red Hat red Hat Satellite 6
Redhat hardened Images
Redhat openshift Container Platform
Redhat update Infrastructure

Thu, 21 May 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Moderate

Wed, 20 May 2026 23:15:00 +0000

Type Values Removed Values Added
Description A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA384 or SHA512 checksum tags, leading to memory corruption and a denial of service (DoS) in the affected system.
Title Libsolv: stack-based buffer overflow in libsolv's debian metadata parser when handling sha384/sha512 checksums
First Time appeared Redhat
Redhat enterprise Linux
Redhat hummingbird
Redhat openshift
Redhat rhui
Redhat satellite
Weaknesses CWE-121
CPEs cpe:/a:redhat:hummingbird:1
cpe:/a:redhat:openshift:4
cpe:/a:redhat:rhui:4::el8
cpe:/a:redhat:satellite:6
cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
Redhat hummingbird
Redhat openshift
Redhat rhui
Redhat satellite
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

Subscriptions

Red Hat Red Hat Satellite 6
Redhat Enterprise Linux Hardened Images Hummingbird Openshift Openshift Container Platform Rhui Satellite Update Infrastructure
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-05-21T14:25:03.871Z

Reserved: 2026-05-20T22:15:47.147Z

Link: CVE-2026-9150

cve-icon Vulnrichment

Updated: 2026-05-21T14:03:33.408Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-20T23:16:36.010

Modified: 2026-05-21T15:26:35.653

Link: CVE-2026-9150

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-05-20T22:59:46Z

Links: CVE-2026-9150 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-21T08:18:35Z

Weaknesses