CVE-2026-9150

Discovered by AISLE | PUBLISHED | CWE-121

Description

A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA384 or SHA512 checksum tags, leading to memory corruption and a denial of service (DoS) in the affected system.

CVSS Base Scores

CVSS v3.1 (Primary)
6.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products

| Vendor | Product | Version | Status |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10 | 0:0.7.33-5.el10_2 | unaffected |
| Red Hat | Red Hat Enterprise Linux 10 | 0.7.38-2.hum1 | |
| Red Hat | Red Hat Enterprise Linux 10 | 0.7.39-3.hum1 | |
| Red Hat | Red Hat Hardened Images | 0:0.7.33-5.el10_2 | unaffected |
| Red Hat | Red Hat Hardened Images | 0.7.38-2.hum1 | |
| Red Hat | Red Hat Hardened Images | 0.7.39-3.hum1 | |
| Red Hat | Red Hat Enterprise Linux 7 | 0:0.7.33-5.el10_2 | unaffected |
| Red Hat | Red Hat Enterprise Linux 7 | 0.7.38-2.hum1 | |
| Red Hat | Red Hat Enterprise Linux 7 | 0.7.39-3.hum1 | |
| Red Hat | Red Hat Enterprise Linux 8 | 0:0.7.33-5.el10_2 | unaffected |
| Red Hat | Red Hat Enterprise Linux 8 | 0.7.38-2.hum1 | |
| Red Hat | Red Hat Enterprise Linux 8 | 0.7.39-3.hum1 | |
| Red Hat | Red Hat Enterprise Linux 9 | 0:0.7.33-5.el10_2 | unaffected |
| Red Hat | Red Hat Enterprise Linux 9 | 0.7.38-2.hum1 | |
| Red Hat | Red Hat Enterprise Linux 9 | 0.7.39-3.hum1 | |
| Red Hat | Red Hat OpenShift Container Platform 4 | 0:0.7.33-5.el10_2 | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4 | 0.7.38-2.hum1 | |
| Red Hat | Red Hat OpenShift Container Platform 4 | 0.7.39-3.hum1 | |
| Red Hat | Red Hat Satellite 6 | 0:0.7.33-5.el10_2 | unaffected |
| Red Hat | Red Hat Satellite 6 | 0.7.38-2.hum1 | |
| Red Hat | Red Hat Satellite 6 | 0.7.39-3.hum1 | |
| Red Hat | Red Hat Update Infrastructure 4 for Cloud Providers | 0:0.7.33-5.el10_2 | unaffected |
| Red Hat | Red Hat Update Infrastructure 4 for Cloud Providers | 0.7.38-2.hum1 | |
| Red Hat | Red Hat Update Infrastructure 4 for Cloud Providers | 0.7.39-3.hum1 | |

Credits

  • This issue was discovered by AISLE in partnership with Red Hat.
