CVE-2026-9150

EUVD-2026-31202
A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA384 or SHA512 checksum tags, leading to memory corruption and a denial of service (DoS) in the affected system.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 1%
Debian logo
Debian Releases
Debian Product
Codename
libsolv
bookworm
vulnerable
bullseye
vulnerable
forky
0.7.37-1
fixed
sid
0.7.37-1
fixed
trixie
vulnerable
Common Weakness Enumeration
References
https://access.redhat.com/security/cve/CVE-2026-9150
https://bugzilla.redhat.com/show_bug.cgi?id=2460379
https://github.com/openSUSE/libsolv/pull/616