CVE-2026-48863

EUVD-2026-44842
A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when copying EdDSA 's' MPI into a stack buffer. A remote attacker could craft a malicious Ed25519 PGP signature with mismatched MPI lengths. Processing this crafted signature could lead to a denial of service in automated package or repository processing workflows.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
redhatCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
opensuselibsolv
0.6.4 ≤
𝑥
< 0.7.38
CNA
Debian logo
Debian Releases
Debian Product
Codename
libsolv
bookworm
no-dsa
bullseye
no-dsa
forky
0.7.39-1
fixed
sid
0.7.39-1
fixed
trixie
no-dsa
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libsolv-devel
suse enterprise desktop 15 SP7
0.7.39-150700.11.10.1
fixed
suse enterprise sap 15 SP7
0.7.39-150700.11.10.1
fixed
suse enterprise server 15 SP4
0.7.39-150400.3.46.1
fixed
suse enterprise server 15 SP5
0.7.39-150500.6.17.1
fixed
suse enterprise server 15 SP6
0.7.39-150600.8.24.1
fixed
suse enterprise server 15 SP7
0.7.39-150700.11.10.1
fixed
libsolv-tools
suse enterprise desktop 15 SP7
0.7.39-150700.11.10.1
fixed
suse enterprise sap 15 SP7
0.7.39-150700.11.10.1
fixed
suse enterprise server 15 SP4
0.7.39-150400.3.46.1
fixed
suse enterprise server 15 SP5
0.7.39-150500.6.17.1
fixed
suse enterprise server 15 SP6
0.7.39-150600.8.24.1
fixed
suse enterprise server 15 SP7
0.7.39-150700.11.10.1
fixed
libsolv-tools-base
suse enterprise desktop 15 SP7
0.7.39-150700.11.10.1
fixed
suse enterprise sap 15 SP7
0.7.39-150700.11.10.1
fixed
suse enterprise server 15 SP4
0.7.39-150400.3.46.1
fixed
suse enterprise server 15 SP5
0.7.39-150500.6.17.1
fixed
suse enterprise server 15 SP6
0.7.39-150600.8.24.1
fixed
suse enterprise server 15 SP7
0.7.39-150700.11.10.1
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
libsolv
Amazon Linux 2023
0:0.7.22-1.amzn2023.0.4
fixed
libsolv-debuginfo
Amazon Linux 2023
0:0.7.22-1.amzn2023.0.4
fixed
libsolv-debugsource
Amazon Linux 2023
0:0.7.22-1.amzn2023.0.4
fixed
libsolv-demo
Amazon Linux 2023
0:0.7.22-1.amzn2023.0.4
fixed
libsolv-demo-debuginfo
Amazon Linux 2023
0:0.7.22-1.amzn2023.0.4
fixed
libsolv-devel
Amazon Linux 2023
0:0.7.22-1.amzn2023.0.4
fixed
libsolv-tools
Amazon Linux 2023
0:0.7.22-1.amzn2023.0.4
fixed
libsolv-tools-debuginfo
Amazon Linux 2023
0:0.7.22-1.amzn2023.0.4
fixed
perl-solv
Amazon Linux 2023
0:0.7.22-1.amzn2023.0.4
fixed
perl-solv-debuginfo
Amazon Linux 2023
0:0.7.22-1.amzn2023.0.4
fixed
python3-solv
Amazon Linux 2023
0:0.7.22-1.amzn2023.0.4
fixed
python3-solv-debuginfo
Amazon Linux 2023
0:0.7.22-1.amzn2023.0.4
fixed
ruby-solv
Amazon Linux 2023
0:0.7.22-1.amzn2023.0.4
fixed
ruby-solv-debuginfo
Amazon Linux 2023
0:0.7.22-1.amzn2023.0.4
fixed