CVE-2026-9149
Heap Buffer Overflow in libsolv via Malicious .solv File
Publication date: 2026-05-21
Last updated on: 2026-05-21
Assigner: Red Hat, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| opensuse | libsolv | all versions prior to 0.7.36 (0.7.36 itself is not affected) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-122 | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-9149 is a heap buffer overflow in libsolv's repo_add_solv function, the routine that loads a .solv repository file. A specially crafted .solv file carries header size fields that, once decoded into signed integers, come out negative. The parser sizes a heap buffer from such a value, so the buffer is far smaller than intended, and then reads a fixed, larger chunk of file data into it, writing past the end of the allocation.
The root cause is an integer overflow when decoding header values such as maxsize or allsize: a large unsigned field stored in a signed int wraps to a negative number, and the allocation derived from it is smaller than the data subsequently written into it.
An attacker exploits this by getting an application that uses libsolv, such as the dumpsolv tool, to parse a malicious .solv file.
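The following is an added illustration of the pattern described above, written for this page; it is not libsolv's code and does not reproduce repo_add_solv. It models a 32-bit header size field that is decoded into a signed int, a buffer sized from that value plus a small slack, and a fixed-size chunk copied into the buffer. CHUNK, SLACK, the header layout and the crafted value 0xFFFFFFFD are all assumptions chosen to show the arithmetic; the vulnerable path only computes what it would allocate rather than performing the out-of-bounds copy, while the hardened path keeps the field unsigned, rejects values that would go negative, and bounds the copy by the buffer capacity.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Illustrative constants (assumptions, not libsolv's values). */
#define CHUNK 4096   /* bytes the reader copies into the buffer in one step */
#define SLACK 8      /* padding added to the declared size before allocating */

/* Big-endian 32-bit decode, the usual encoding for on-disk size fields. */
static uint32_t get_u32(const unsigned char *p)
{
  return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
         ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Vulnerable pattern: the unsigned field is stored in a signed int.
 * Any header value >= 0x80000000 wraps to a negative number. */
static int decode_size_vulnerable(const unsigned char *hdr)
{
  int size = (int)get_u32(hdr);
  return size;
}

/* Allocation the vulnerable path would make: size + SLACK, converted to
 * size_t. For the crafted value -3 this is only 5 bytes. */
static size_t vulnerable_alloc_size(const unsigned char *hdr)
{
  int size = decode_size_vulnerable(hdr);
  return (size_t)(size + SLACK);
}

/* Would the fixed CHUNK-byte copy overrun that allocation? 1 = yes. */
static int vulnerable_copy_would_overflow(const unsigned char *hdr)
{
  return vulnerable_alloc_size(hdr) < CHUNK;
}

/* Hardened decode: stay unsigned, reject anything that would be negative
 * as an int, and guard the addition before it reaches the allocator.
 * Returns 0 and writes the capacity on success, -1 on rejection. */
static int decode_size_checked(const unsigned char *hdr, size_t *out)
{
  uint32_t raw = get_u32(hdr);
  if (raw > (uint32_t)INT_MAX)        /* would wrap negative: reject */
    return -1;
  if ((size_t)raw > SIZE_MAX - SLACK) /* guard the addition on 32-bit size_t */
    return -1;
  *out = (size_t)raw + SLACK;
  return 0;
}

/* Capacity the hardened path would allocate, or 0 if the header is rejected. */
static size_t checked_cap_or_zero(const unsigned char *hdr)
{
  size_t cap = 0;
  return decode_size_checked(hdr, &cap) < 0 ? 0 : cap;
}

/* Bounded copy: never more than CHUNK, never more than the buffer holds. */
static size_t copy_chunk_bounded(unsigned char *dst, size_t cap,
                                 const unsigned char *src, size_t srclen)
{
  size_t n = srclen < CHUNK ? srclen : CHUNK;
  if (n > cap)
    n = cap;
  memcpy(dst, src, n);
  return n;
}

/* End-to-end hardened read of one chunk against a constructed payload.
 * Returns bytes copied, or -1 if the header was rejected. */
static long safe_read_demo(const unsigned char *hdr)
{
  static unsigned char payload[CHUNK];   /* constructed sample data */
  size_t cap, n;
  unsigned char *buf;
  memset(payload, 0x41, sizeof payload);
  if (decode_size_checked(hdr, &cap) < 0)
    return -1;
  buf = malloc(cap);
  if (!buf)
    return -1;
  n = copy_chunk_bounded(buf, cap, payload, sizeof payload);
  free(buf);
  return (long)n;
}

/* Constructed headers: a sane size (4096) and a crafted one (0xFFFFFFFD,
 * which is -3 once it lands in an int). */
static const unsigned char HDR_SANE[4]    = { 0x00, 0x00, 0x10, 0x00 };
static const unsigned char HDR_CRAFTED[4] = { 0xFF, 0xFF, 0xFF, 0xFD };

int main(void)
{
  printf("crafted: signed size=%d alloc=%zu overflow=%d checked=%ld\n",
         decode_size_vulnerable(HDR_CRAFTED), vulnerable_alloc_size(HDR_CRAFTED),
         vulnerable_copy_would_overflow(HDR_CRAFTED), safe_read_demo(HDR_CRAFTED));
  printf("sane:    signed size=%d alloc=%zu overflow=%d checked=%ld\n",
         decode_size_vulnerable(HDR_SANE), vulnerable_alloc_size(HDR_SANE),
         vulnerable_copy_would_overflow(HDR_SANE), safe_read_demo(HDR_SANE));
  return 0;
}
```

The point of the two paths is that the check belongs on the raw unsigned value before any signed arithmetic or allocation is derived from it, and that the copy must be bounded by the buffer's real capacity rather than by a size the file claims.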
How can this vulnerability impact me?
This vulnerability can be exploited to cause a denial of service (DoS): the out-of-bounds heap write crashes the application that parses the malicious .solv file.
Because the primitive is a heap write, other impacts may be possible depending on the consuming application and its heap layout, but the only impact the advisory confirms is a DoS.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Start by establishing exposure: the issue affects systems that parse .solv files with a libsolv build in the affected range (versions prior to 0.7.36, per the table above), whether through the library directly or through consumers such as dumpsolv. Check the installed version with the package manager, for example:
- rpm -q libsolv (RPM-based distributions)
- dpkg -l 'libsolv*' (Debian/Ubuntu)
A practical way to confirm the defect on a particular build is to compile libsolv with AddressSanitizer and run dumpsolv on the untrusted file: ASan reports the heap-buffer-overflow at the offending write instead of leaving a silent corruption or a later, unrelated crash. AddressSanitizer is compile-time instrumentation (no environment variable turns it on in an ordinary binary), so the flag goes into the build, for example with libsolv's CMake build:
- cmake -DCMAKE_C_FLAGS="-fsanitize=address -g" <libsolv-source-dir>
- ASAN_OPTIONS=abort_on_error=1 <path-to-built>/dumpsolv suspicious_file.solv
Run this in an isolated environment (a container or VM), since the file under test is by definition untrusted. Monitoring crash reports and logs for dumpsolv or other libsolv consumers aborting while loading .solv files can also surface exploitation attempts.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation is to stop parsing untrusted .solv files with libsolv or any application built on it until a fixed version is installed.
Applying the official fix, which adds validation in repo_add_solv to reject negative or overflowed size values, is the definitive remedy.
If patching is not immediately possible, restrict .solv files to trusted sources (for example, only repositories whose metadata is signed and verified before loading) and monitor for unusual crashes or denial-of-service symptoms in libsolv consumers.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
CVE-2026-9149 is a heap buffer overflow in libsolv that leads to denial of service when a specially crafted .solv file is processed. It does not by itself involve unauthorized access to sensitive data or a data breach.
Because the confirmed impact is service disruption rather than data compromise, its bearing on data-protection regulations such as GDPR or HIPAA is indirect; denial-of-service incidents can, however, affect the availability requirements those standards impose.
Organizations relying on libsolv, or on applications built on it, should treat the risk as one of service interruption and apply the patch or mitigations to meet their availability and operational-security controls.