CVE-2026-9150
Received
Received - Intake
Buffer Overflow in libsolv Debian Metadata Parser
Publication date: 2026-05-20
Last updated on: 2026-05-20
Assigner: Red Hat, Inc.
Description
Description
A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA384 or SHA512 checksum tags, leading to memory corruption and a denial of service (DoS) in the affected system.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a stack-based buffer overflow found in libsolv's Debian metadata parser. It occurs when the parser processes specially crafted Debian repository metadata containing malicious SHA384 or SHA512 checksum tags. Exploiting this flaw can cause memory corruption.
How can this vulnerability impact me? :
An attacker exploiting this vulnerability could cause a denial of service (DoS) on the affected system by triggering memory corruption through malicious checksum tags in Debian repository metadata.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70