CVE-2026-48864

EUVD-2026-31859
A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within `.solv` files due to insufficient input validation. An attacker can provide a specially crafted `.solv` file, which, when processed by a vulnerable application, can lead to out-of-bounds memory access. This could result in information disclosure, alteration of program execution, or a denial of service.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 10%
Affected Products (NVD)
VendorProductVersion
opensuselibsolv
0.7.36
redhathardened_images
-
redhatopenshift_container_platform
4.0
redhatsatellite
6.0
redhatenterprise_linux
7.0
redhatenterprise_linux
8.0
redhatenterprise_linux
9.0
redhatenterprise_linux
10.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libsolv
bookworm
unimportant
bullseye
unimportant
forky
unimportant
sid
unimportant
trixie
unimportant
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
libsolv
RHEL 8
0:0.7.20-7.el8_10
fixed
libsolv-devel
RHEL 8
0:0.7.20-7.el8_10
fixed
libsolv-tools
RHEL 8
0:0.7.20-7.el8_10
fixed
python3-solv
RHEL 8
0:0.7.20-7.el8_10
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
libsolv
Amazon Linux 2
0:0.6.34-4.amzn2.0.1
fixed
Amazon Linux 2023
0:0.7.22-1.amzn2023.0.4
fixed
libsolv-debuginfo
Amazon Linux 2
0:0.6.34-4.amzn2.0.1
fixed
Amazon Linux 2023
0:0.7.22-1.amzn2023.0.4
fixed
libsolv-debugsource
Amazon Linux 2023
0:0.7.22-1.amzn2023.0.4
fixed
libsolv-demo
Amazon Linux 2
0:0.6.34-4.amzn2.0.1
fixed
Amazon Linux 2023
0:0.7.22-1.amzn2023.0.4
fixed
libsolv-demo-debuginfo
Amazon Linux 2023
0:0.7.22-1.amzn2023.0.4
fixed
libsolv-devel
Amazon Linux 2
0:0.6.34-4.amzn2.0.1
fixed
Amazon Linux 2023
0:0.7.22-1.amzn2023.0.4
fixed
libsolv-tools
Amazon Linux 2
0:0.6.34-4.amzn2.0.1
fixed
Amazon Linux 2023
0:0.7.22-1.amzn2023.0.4
fixed
libsolv-tools-debuginfo
Amazon Linux 2023
0:0.7.22-1.amzn2023.0.4
fixed
perl-solv
Amazon Linux 2023
0:0.7.22-1.amzn2023.0.4
fixed
perl-solv-debuginfo
Amazon Linux 2023
0:0.7.22-1.amzn2023.0.4
fixed
python2-solv
Amazon Linux 2
0:0.6.34-4.amzn2.0.1
fixed
python3-solv
Amazon Linux 2023
0:0.7.22-1.amzn2023.0.4
fixed
python3-solv-debuginfo
Amazon Linux 2023
0:0.7.22-1.amzn2023.0.4
fixed
ruby-solv
Amazon Linux 2023
0:0.7.22-1.amzn2023.0.4
fixed
ruby-solv-debuginfo
Amazon Linux 2023
0:0.7.22-1.amzn2023.0.4
fixed