CVE-2026-9149

EUVD-2026-31201
A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size values in the `repo_add_solv` function. This leads to an undersized memory allocation and a subsequent out-of-bounds write. An attacker could exploit this to cause a denial of service (DoS).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
Affected Products (NVD)
VendorProductVersion
opensuselibsolv
𝑥
≤ 0.7.36
redhathardened_images
-
redhatopenshift_container_platform
4.0
redhatsatellite
6.0
redhatenterprise_linux
7.0
redhatenterprise_linux
8.0
redhatenterprise_linux
9.0
redhatenterprise_linux
10.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libsolv
bookworm
no-dsa
bullseye
no-dsa
forky
0.7.39-1
fixed
sid
0.7.39-1
fixed
trixie
no-dsa
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libsolv-devel
suse enterprise desktop 15 SP7
0.7.39-150700.11.10.1
fixed
suse enterprise sap 15 SP7
0.7.39-150700.11.10.1
fixed
suse enterprise server 15 SP4
0.7.39-150400.3.46.1
fixed
suse enterprise server 15 SP5
0.7.39-150500.6.17.1
fixed
suse enterprise server 15 SP6
0.7.39-150600.8.24.1
fixed
suse enterprise server 15 SP7
0.7.39-150700.11.10.1
fixed
libsolv-tools
suse enterprise desktop 15 SP7
0.7.39-150700.11.10.1
fixed
suse enterprise sap 15 SP7
0.7.39-150700.11.10.1
fixed
suse enterprise server 15 SP4
0.7.39-150400.3.46.1
fixed
suse enterprise server 15 SP5
0.7.39-150500.6.17.1
fixed
suse enterprise server 15 SP6
0.7.39-150600.8.24.1
fixed
suse enterprise server 15 SP7
0.7.39-150700.11.10.1
fixed
libsolv-tools-base
suse enterprise desktop 15 SP7
0.7.39-150700.11.10.1
fixed
suse enterprise sap 15 SP7
0.7.39-150700.11.10.1
fixed
suse enterprise server 15 SP4
0.7.39-150400.3.46.1
fixed
suse enterprise server 15 SP5
0.7.39-150500.6.17.1
fixed
suse enterprise server 15 SP6
0.7.39-150600.8.24.1
fixed
suse enterprise server 15 SP7
0.7.39-150700.11.10.1
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
libsolv
Amazon Linux 2
0:0.6.34-4.amzn2.0.1
fixed
Amazon Linux 2023
0:0.7.22-1.amzn2023.0.4
fixed
libsolv-debuginfo
Amazon Linux 2
0:0.6.34-4.amzn2.0.1
fixed
Amazon Linux 2023
0:0.7.22-1.amzn2023.0.4
fixed
libsolv-debugsource
Amazon Linux 2023
0:0.7.22-1.amzn2023.0.4
fixed
libsolv-demo
Amazon Linux 2
0:0.6.34-4.amzn2.0.1
fixed
Amazon Linux 2023
0:0.7.22-1.amzn2023.0.4
fixed
libsolv-demo-debuginfo
Amazon Linux 2023
0:0.7.22-1.amzn2023.0.4
fixed
libsolv-devel
Amazon Linux 2
0:0.6.34-4.amzn2.0.1
fixed
Amazon Linux 2023
0:0.7.22-1.amzn2023.0.4
fixed
libsolv-tools
Amazon Linux 2
0:0.6.34-4.amzn2.0.1
fixed
Amazon Linux 2023
0:0.7.22-1.amzn2023.0.4
fixed
libsolv-tools-debuginfo
Amazon Linux 2023
0:0.7.22-1.amzn2023.0.4
fixed
perl-solv
Amazon Linux 2023
0:0.7.22-1.amzn2023.0.4
fixed
perl-solv-debuginfo
Amazon Linux 2023
0:0.7.22-1.amzn2023.0.4
fixed
python2-solv
Amazon Linux 2
0:0.6.34-4.amzn2.0.1
fixed
python3-solv
Amazon Linux 2023
0:0.7.22-1.amzn2023.0.4
fixed
python3-solv-debuginfo
Amazon Linux 2023
0:0.7.22-1.amzn2023.0.4
fixed
ruby-solv
Amazon Linux 2023
0:0.7.22-1.amzn2023.0.4
fixed
ruby-solv-debuginfo
Amazon Linux 2023
0:0.7.22-1.amzn2023.0.4
fixed