CVE-2026-9150 Libsolv: stack-based buffer overflow in libsolv's debian metadata parser when handling sha384/sha512 checksums

🗓️ 20 May 2026 23:07:18Reported by redhatType

CVE-2026-9150: Libsolv Debian parser overflow from crafted checksums causing denial of service.

Reporter	Title	Published	Views	Family All 30
ATTACKERKB	CVE-2026-9150	20 May 202623:07	–	attackerkb
Tenable Nessus	Amazon Linux 2023 : libsolv, libsolv-demo, libsolv-devel (ALAS2023-2026-1798)	8 Jun 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2 : libsolv, --advisory ALAS2-2026-3338 (ALAS-2026-3338)	8 Jun 202600:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2026-9150	22 May 202600:00	–	nessus
Amazon	Important: libsolv	8 Jun 202600:00	–	amazon
Amazon	Important: libsolv	8 Jun 202600:00	–	amazon
Circl	CVE-2026-9150	21 May 202602:36	–	circl
CNNVD	libsolv 安全漏洞	20 May 202600:00	–	cnnvd
CVE	CVE-2026-9150	20 May 202623:07	–	cve
Debian CVE	CVE-2026-9150	20 May 202623:07	–	debiancve

[
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 10",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libsolv",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:10"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libsolv",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libsolv",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libsolv",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Hardened Images",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libsolv",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:hummingbird:1"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rhcos",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:openshift:4"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Satellite 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "satellite-capsule:el8/libsolv",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:satellite:6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Update Infrastructure 4 for Cloud Providers",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libsolv",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:rhui:4::el8"
    ]
  }
]

Source	Link
github	www.github.com/openSUSE/libsolv/pull/616
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
access	www.access.redhat.com/security/cve/CVE-2026-9150

28 May 2026 22:38Current

CVSS 3.16.5

EPSS0.00014

CWE-121