CVE-2026-9150

Modified Modified - Updated After Analysis

Buffer Overflow in libsolv Debian Metadata Parser

Publication date: 2026-05-20

Last updated on: 2026-06-29

Assigner: Red Hat, Inc.

Description

A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA384 or SHA512 checksum tags, leading to memory corruption and a denial of service (DoS) in the affected system.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-05-20

Last Modified

2026-06-29

Generated

2026-06-30

AI Q&A

2026-05-21

EPSS Evaluated

2026-06-29

NVD

CVE-2026-9150

EUVD

EUVD-2026-31202

Affected Vendors & Products

Vendor	Product	Version / Range
redhat	enterprise_linux	7.0
redhat	satellite	6.0
redhat	enterprise_linux	8.0
redhat	openshift_container_platform	4.0
redhat	enterprise_linux	9.0
redhat	update_infrastructure	4
redhat	enterprise_linux	10.0
redhat	hardened_images	*
opensuse	libsolv	to 0.7.36 (inc)

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-121	A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

Attack-Flow Graph

Executive Summary

This vulnerability is a stack-based buffer overflow found in libsolv's Debian metadata parser. It occurs when the parser processes specially crafted Debian repository metadata containing malicious SHA384 or SHA512 checksum tags. Exploiting this flaw can cause memory corruption.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Impact Analysis

An attacker exploiting this vulnerability could cause a denial of service (DoS) on the affected system by triggering memory corruption through malicious checksum tags in Debian repository metadata.

Detection Guidance

This vulnerability occurs when libsolv processes specially crafted Debian repository metadata containing malicious SHA384 or SHA512 checksum tags that overflow a fixed-size buffer.

Detection involves monitoring or analyzing the processing of Debian repository metadata, especially Packages files, for abnormal behavior or crashes related to libsolv.

While no specific detection commands are provided, you can check the installed libsolv version to determine if it is vulnerable (versions up to and including 0.7.36 are affected).

Check libsolv version: `rpm -q libsolv` (on RPM-based systems) or `dpkg -l | grep libsolv` (on Debian-based systems).
Monitor system logs for crashes or memory corruption events related to libsolv when updating or accessing Debian repositories.
Use debugging tools like AddressSanitizer or run libsolv with sanitizers enabled to detect buffer overflows during repository metadata parsing.

Mitigation Strategies

Immediate mitigation involves updating libsolv to a fixed version that addresses the buffer overflow by increasing the buffer size and replacing unsafe string operations.

If an update is not immediately available, avoid using untrusted or malicious Debian repository metadata sources, as exploitation requires supplying crafted metadata.

Upgrade libsolv to a version later than 0.7.36 where the buffer size has been increased and strcpy replaced with safer functions.
Restrict repository metadata sources to trusted and verified repositories only.
Monitor for and apply patches or security updates from your distribution or libsolv maintainers promptly.

Hi! I’m here to help you understand CVE-2026-9150. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70