CVE-2026-9149
Analyzed Analyzed - Analysis Complete
Heap Buffer Overflow in libsolv via Malicious .solv File

Publication date: 2026-05-21

Last updated on: 2026-06-02

Assigner: Red Hat, Inc.

Description
A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size values in the `repo_add_solv` function. This leads to an undersized memory allocation and a subsequent out-of-bounds write. An attacker could exploit this to cause a denial of service (DoS).
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-21
Last Modified
2026-06-02
Generated
2026-06-10
AI Q&A
2026-05-21
EPSS Evaluated
2026-06-09
NVD
CVE-2026-9149
EUVD
EUVD-2026-31201
Affected Vendors & Products
Showing 9 associated CPEs
Vendor Product Version / Range
redhat enterprise_linux 7.0
redhat satellite 6.0
redhat enterprise_linux 8.0
redhat openshift_container_platform 4.0
redhat enterprise_linux 9.0
redhat update_infrastructure 4
redhat enterprise_linux 10.0
redhat hardened_images *
opensuse libsolv to 0.7.36 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-9149 is a heap buffer overflow vulnerability in the libsolv library's repo_add_solv function. It occurs when processing specially crafted .solv files that contain negative size values. These negative values cause an undersized memory allocation, but the program attempts to read a fixed large chunk of data into this small buffer, leading to an out-of-bounds write.

The root cause is an integer overflow when decoding certain header values (like maxsize or allsize) from the .solv file, which results in negative signed integers. This causes the allocation function to allocate less memory than needed, triggering the buffer overflow.

An attacker can exploit this by supplying a malicious .solv file to a victim application that uses libsolv, such as dumpsolv.

Impact Analysis

This vulnerability can be exploited to cause a denial of service (DoS) by crashing the application that processes the malicious .solv file.

Depending on the context and application, other impacts might be possible, but the primary known impact is a DoS due to the heap buffer overflow.

Detection Guidance

This vulnerability can be detected by identifying if your system processes specially crafted .solv files using libsolv versions <= 0.7.36 or consumer applications like dumpsolv.

One practical detection method is to test processing of suspicious or untrusted .solv files with tools such as dumpsolv, especially when compiled with AddressSanitizer (ASAN), which can reveal crashes caused by the heap buffer overflow.

A suggested command to detect the issue is to run dumpsolv on a crafted .solv file and observe for crashes or abnormal termination:

  • ASAN_ENABLED=1 dumpsolv suspicious_file.solv

Monitoring logs or crash reports related to libsolv or dumpsolv processing .solv files can also help detect exploitation attempts.

Mitigation Strategies

Immediate mitigation involves avoiding the parsing of untrusted or malicious .solv files with libsolv or any consumer applications until a patched version is applied.

Applying the official patch that adds validation to reject negative or overflowed size values in the repo_add_solv function is critical to prevent exploitation.

If patching is not immediately possible, restrict access to .solv files from untrusted sources and monitor for unusual crashes or denial of service symptoms related to libsolv.

Compliance Impact

The vulnerability in libsolv (CVE-2026-9149) is a heap buffer overflow that can lead to denial of service (DoS) when processing specially crafted .solv files. It does not directly involve unauthorized access to sensitive data or data breaches.

Since the vulnerability primarily causes service disruption rather than data compromise, its impact on compliance with data protection regulations such as GDPR or HIPAA is indirect. However, denial of service incidents can affect availability requirements under these standards.

Organizations relying on libsolv or applications using it should consider the risk of service interruption and apply patches or mitigations to maintain compliance with availability and operational security controls.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-9149. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart