CVE-2026-9149 PUBLISHED

Libsolv: heap buffer overflow in libsolv repo_add_solv via negative maxsize from crafted .solv file

Assigner: redhat
Reserved: 20.05.2026
Published: 20.05.2026
Updated: 21.05.2026

A flaw was found in libsolv. When the repo_add_solv function processes a specially crafted .solv file containing negative size values, the negative size leads to an undersized heap allocation and a subsequent out-of-bounds write (heap buffer overflow). An attacker could exploit this to cause a denial of service (DoS).

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVSS Score: 6.5

Product Status

  • Vendor: Red Hat; Product: Red Hat Enterprise Linux 10; Versions: Default: affected
  • Vendor: Red Hat; Product: Red Hat Enterprise Linux 7; Versions: Default: affected
  • Vendor: Red Hat; Product: Red Hat Enterprise Linux 8; Versions: Default: affected
  • Vendor: Red Hat; Product: Red Hat Enterprise Linux 9; Versions: Default: affected
  • Vendor: Red Hat; Product: Red Hat Hardened Images; Versions: Default: affected
  • Vendor: Red Hat; Product: Red Hat OpenShift Container Platform 4; Versions: Default: affected
  • Vendor: Red Hat; Product: Red Hat Satellite 6; Versions: Default: affected
  • Vendor: Red Hat; Product: Red Hat Update Infrastructure 4 for Cloud Providers; Versions: Default: affected

Workarounds

To mitigate this issue, avoid processing untrusted .solv files with libsolv or with any application that consumes .solv input. Ensure that all .solv data processed by the system originates only from trusted sources.

Credits

  • This issue was discovered by AISLE in partnership with Red Hat.

Problem Types

  • Heap-based Buffer Overflow CWE