CVE-2026-48864

Discovered by AISLE | PUBLISHED | CWE-787

Description

A heap buffer overflow was found in libsolv. It occurs during the decompression of attacker-controlled compressed data within `.solv` files and is caused by insufficient input validation. An attacker can provide a specially crafted `.solv` file which, when processed by a vulnerable application, can lead to out-of-bounds memory access. This could result in information disclosure, alteration of program execution, or a denial of service.

CVSS Base Scores

CVSS v3.1 (Primary): 7.8

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

| Vendor | Product | Version | Status |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10 | 0:0.7.33-5.el10_2 | unaffected |
| Red Hat | Red Hat Enterprise Linux 10 | 0.7.38-2.hum1 | |
| Red Hat | Red Hat Hardened Images | 0:0.7.33-5.el10_2 | unaffected |
| Red Hat | Red Hat Hardened Images | 0.7.38-2.hum1 | |
| Red Hat | Red Hat Enterprise Linux 7 | 0:0.7.33-5.el10_2 | unaffected |
| Red Hat | Red Hat Enterprise Linux 7 | 0.7.38-2.hum1 | |
| Red Hat | Red Hat Enterprise Linux 8 | 0:0.7.33-5.el10_2 | unaffected |
| Red Hat | Red Hat Enterprise Linux 8 | 0.7.38-2.hum1 | |
| Red Hat | Red Hat Enterprise Linux 9 | 0:0.7.33-5.el10_2 | unaffected |
| Red Hat | Red Hat Enterprise Linux 9 | 0.7.38-2.hum1 | |
| Red Hat | Red Hat OpenShift Container Platform 4 | 0:0.7.33-5.el10_2 | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4 | 0.7.38-2.hum1 | |
| Red Hat | Red Hat Satellite 6 | 0:0.7.33-5.el10_2 | unaffected |
| Red Hat | Red Hat Satellite 6 | 0.7.38-2.hum1 | |
| Red Hat | Red Hat Update Infrastructure 4 for Cloud Providers | 0:0.7.33-5.el10_2 | unaffected |
| Red Hat | Red Hat Update Infrastructure 4 for Cloud Providers | 0.7.38-2.hum1 | |

Credits

  • This issue was discovered by AISLE in partnership with Red Hat.

References