libsolv Heap B.O. in repo_add_solv via negative .solv size
CVE-2026-9149 Published on May 20, 2026

Libsolv: heap buffer overflow in libsolv repo_add_solv via negative maxsize from crafted .solv file
A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size values in the `repo_add_solv` function. This leads to an undersized memory allocation and a subsequent out-of-bounds write. An attacker could exploit this to cause a denial of service (DoS).

NVD

Vulnerability Analysis

CVE-2026-9149 can be exploited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality Impact:
NONE
Integrity Impact:
NONE
Availability Impact:
HIGH

Timeline

Reported to Red Hat.

Made public. 29 days later.

Weakness Type

Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().


Products Associated with CVE-2026-9149

Want to know whenever a new CVE is published for Red Hat products? stack.watch will email you.

Red Hat Enterprise Linux (RHEL)
 
Red Hat Hummingbird
 
Red Hat Openshift
 
Red Hat Satellite
 
Red Hat Rhui
 

Affected Versions

Red Hat Enterprise Linux 10: Red Hat Enterprise Linux 7: Red Hat Enterprise Linux 8: Red Hat Enterprise Linux 9: Red Hat Hardened Images: Red Hat OpenShift Container Platform 4: Red Hat Satellite 6: Red Hat Update Infrastructure 4 for Cloud Providers: