Red Hat libsolv Stack Buffer Overflow in Debian METADATA Parser
CVE-2026-9150 Published on May 20, 2026

Libsolv: stack-based buffer overflow in libsolv's debian metadata parser when handling sha384/sha512 checksums
A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA384 or SHA512 checksum tags, leading to memory corruption and a denial of service (DoS) in the affected system.

NVD

Vulnerability Analysis

CVE-2026-9150 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality Impact:
NONE
Integrity Impact:
NONE
Availability Impact:
HIGH

Timeline

Reported to Red Hat.

Made public. 29 days later.

Weakness Type

What is a Stack Overflow Vulnerability?

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

CVE-2026-9150 has been classified to as a Stack Overflow vulnerability or weakness.


Products Associated with CVE-2026-9150

Want to know whenever a new CVE is published for Red Hat products? stack.watch will email you.

Red Hat Enterprise Linux (RHEL)
 
Red Hat Hummingbird
 
Red Hat Openshift
 
Red Hat Satellite
 
Red Hat Rhui
 

Affected Versions

Red Hat Enterprise Linux 10: Red Hat Enterprise Linux 7: Red Hat Enterprise Linux 8: Red Hat Enterprise Linux 9: Red Hat Hardened Images: Red Hat OpenShift Container Platform 4: Red Hat Satellite 6: Red Hat Update Infrastructure 4 for Cloud Providers: