CVE-2026-9149
EUVD-2026-3120121.05.2026, 00:16
A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size values in the `repo_add_solv` function. This leads to an undersized memory allocation and a subsequent out-of-bounds write. An attacker could exploit this to cause a denial of service (DoS).Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| opensuse | libsolv | 𝑥 ≤ 0.7.36 |
| redhat | hardened_images | - |
| redhat | openshift_container_platform | 4.0 |
| redhat | satellite | 6.0 |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 10.0 |
𝑥
= Vulnerable software versions
Debian Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| libsolv-devel |
| ||||||||||||
| libsolv-tools |
| ||||||||||||
| libsolv-tools-base |
|
Amazon Linux Releases
Amazon Package | |||||
|---|---|---|---|---|---|
| libsolv |
| ||||
| libsolv-debuginfo |
| ||||
| libsolv-debugsource |
| ||||
| libsolv-demo |
| ||||
| libsolv-demo-debuginfo |
| ||||
| libsolv-devel |
| ||||
| libsolv-tools |
| ||||
| libsolv-tools-debuginfo |
| ||||
| perl-solv |
| ||||
| perl-solv-debuginfo |
| ||||
| python2-solv |
| ||||
| python3-solv |
| ||||
| python3-solv-debuginfo |
| ||||
| ruby-solv |
| ||||
| ruby-solv-debuginfo |
|