CVE-2026-9150
Libsolv: stack-based buffer overflow in libsolv's debian metadata parser when handling sha384/sha512 checksums
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 6.5EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Ciclo de vida
20 mai 2026Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA384 or SHA512 checksum tags, leading to memory corruption and a denial of service (DoS) in the affected system.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Produtos afetados
Red Hat · Red Hat Enterprise Linux 10Red Hat · Red Hat Enterprise Linux 7Red Hat · Red Hat Enterprise Linux 8Red Hat · Red Hat Enterprise Linux 9Red Hat · Red Hat Hardened ImagesRed Hat · Red Hat OpenShift Container Platform 4Red Hat · Red Hat Satellite 6Red Hat · Red Hat Update Infrastructure 4 for Cloud ProvidersQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://access.redhat.com/errata/RHSA-2026:21333https://access.redhat.com/errata/RHSA-2026:28236https://access.redhat.com/errata/RHSA-2026:30649https://access.redhat.com/security/cve/CVE-2026-9150https://bugzilla.redhat.com/show_bug.cgi?id=2460379https://github.com/openSUSE/libsolv/pull/616