CVE-2026-9150
CVE-2026-9150 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. EPSS estimates a 0.37% chance of exploitation in the next 30 days.
Description
A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA384 or SHA512 checksum tags, leading to memory corruption and a denial of service (DoS) in the affected system.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Opensuse | Libsolv | <= 0.7.36 |
| Redhat | Hardened Images | All versions |
| Redhat | Openshift Container Platform | 4.0 |
| Redhat | Satellite | 6.0 |
| Redhat | Update Infrastructure | 4 |
| Redhat | Enterprise Linux | 7.0 |
| Redhat | Enterprise Linux | 8.0 |
| Redhat | Enterprise Linux | 9.0 |
| Redhat | Enterprise Linux | 10.0 |
References
- https://access.redhat.com/security/cve/CVE-2026-9150 (Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=2460379 (Issue Tracking, Third Party Advisory)
- https://github.com/openSUSE/libsolv/pull/616 (Issue Tracking, Patch)
Source: NVD / NIST
