CVE-2026-9150

🗓️ 20 May 2026 23:07:18Reported by redhatType

CVE-2026-9150: Stack overflow in libsolv Debian metadata parser via crafted checksums, causing DoS.

Reporter	Title	Published	Views	Family All 21
ATTACKERKB	CVE-2026-9150	20 May 202623:07	–	attackerkb
Circl	CVE-2026-9150	21 May 202602:36	–	circl
CNNVD	libsolv 安全漏洞	20 May 202600:00	–	cnnvd
Cvelist	CVE-2026-9150 Libsolv: stack-based buffer overflow in libsolv's debian metadata parser when handling sha384/sha512 checksums	20 May 202623:07	–	cvelist
Debian CVE	CVE-2026-9150	20 May 202623:07	–	debiancve
EUVD	EUVD-2026-31202	21 May 202600:30	–	euvd
NVD	CVE-2026-9150	20 May 202623:16	–	nvd
OPENSUSE Linux	libsolv-demo-0.7.38-1.1 on GA media (moderate)	1 Jun 202600:00	–	opensuse
OSV	DEBIAN-CVE-2026-9150	20 May 202623:16	–	osv
OSV	OESA-2026-2466 libsolv security update	29 May 202613:33	–	osv

NVD

Node

opensuse libsolvRange≤0.7.36

redhat hardened_imagesMatch-

redhat openshift_container_platformMatch4.0

redhat satelliteMatch6.0

redhat update_infrastructureMatch4

redhat enterprise_linuxMatch7.0

redhat enterprise_linuxMatch8.0

redhat enterprise_linuxMatch9.0

redhat enterprise_linuxMatch10.0

[
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 10",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libsolv",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:10"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libsolv",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libsolv",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libsolv",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Hardened Images",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libsolv",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:hummingbird:1"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rhcos",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:openshift:4"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Satellite 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "satellite-capsule:el8/libsolv",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:satellite:6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Update Infrastructure 4 for Cloud Providers",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libsolv",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:rhui:4::el8"
    ]
  }
]

Source	Link
github	www.github.com/openSUSE/libsolv/pull/616
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
access	www.access.redhat.com/security/cve/CVE-2026-9150

02 Jun 2026 18:57Current

6.1Medium risk

Vulners AI Score6.1

CVSS 3.16.5

EPSS0.00015

SSVC

CWE-121