Description

A flaw was found in libsolv. This heap-based buffer overflow occurs when a victim processes a specially crafted `.solv` file containing negative size values, which the `repo_add_solv` function does not reject. The negative value leads to an undersized memory allocation and a subsequent out-of-bounds write. An attacker could exploit this to cause a denial of service (DoS).

PUBLISHED | Reserved 2026-05-20 | Published 2026-05-20 | Updated 2026-05-21 | Assigner redhat

MEDIUM: 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Problem types

Heap-based Buffer Overflow

Product status

Default status
affected


Timeline

2026-04-21: Reported to Red Hat.
2026-05-20: Made public.

Credits

This issue was discovered by AISLE in partnership with Red Hat.

References

github.com/openSUSE/libsolv/pull/617 exploit

access.redhat.com/security/cve/CVE-2026-9149 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2460380 (RHBZ#2460380) issue-tracking

cve.org (CVE-2026-9149)

nvd.nist.gov (CVE-2026-9149)