CVE-2026-9150

🗓️ 20 May 2026 23:07:18Reported by redhatType

CVE-2026-9150: Stack overflow in libsolv Debian metadata parser via crafted checksums, causing DoS.

Reporter	Title	Published	Views	Family All 37
ATTACKERKB	CVE-2026-9150	20 May 202623:07	–	attackerkb
Tenable Nessus	Amazon Linux 2023 : libsolv, libsolv-demo, libsolv-devel (ALAS2023-2026-1798)	8 Jun 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2 : libsolv, --advisory ALAS2-2026-3338 (ALAS-2026-3338)	8 Jun 202600:00	–	nessus
Tenable Nessus	Photon OS 5.0: Libsolv PHSA-2026-5.0-0886	20 Jun 202600:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2026-9150	22 May 202600:00	–	nessus
Amazon	Important: libsolv	8 Jun 202600:00	–	amazon
Amazon	Important: libsolv	8 Jun 202600:00	–	amazon
Circl	CVE-2026-9150	21 May 202602:36	–	circl
CNNVD	libsolv 安全漏洞	20 May 202600:00	–	cnnvd
Cvelist	CVE-2026-9150 Libsolv: stack-based buffer overflow in libsolv's debian metadata parser when handling sha384/sha512 checksums	20 May 202623:07	–	cvelist

NVD

Node

opensuse libsolvRange≤0.7.36

redhat hardened_imagesMatch-

redhat openshift_container_platformMatch4.0

redhat satelliteMatch6.0

redhat update_infrastructureMatch4

redhat enterprise_linuxMatch7.0

redhat enterprise_linuxMatch8.0

redhat enterprise_linuxMatch9.0

redhat enterprise_linuxMatch10.0

[
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 10",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libsolv",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:0.7.33-5.el10_2",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:10.2"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libsolv",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libsolv",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libsolv",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Hardened Images",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libsolv",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:hummingbird:1"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rhcos",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:openshift:4"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Satellite 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "satellite-capsule:el8/libsolv",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:satellite:6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Update Infrastructure 4 for Cloud Providers",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libsolv",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:rhui:4::el8"
    ]
  }
]

Source	Link
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
github	www.github.com/openSUSE/libsolv/pull/616
access	www.access.redhat.com/security/cve/CVE-2026-9150
access	www.access.redhat.com/errata/RHSA-2026:28236

24 Jun 2026 01:53Current

6.1Medium risk

Vulners AI Score6.1

CVSS 3.16.5

EPSS0.0035

SSVC

CWE-121