CVE-2026-9150

Source
https://cve.org/CVERecord?id=CVE-2026-9150
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-9150.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-9150
Downstream
Related
Published
2026-05-20T23:07:18.213Z
Modified
2026-07-08T08:13:42.567943399Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Libsolv: stack-based buffer overflow in libsolv's debian metadata parser when handling sha384/sha512 checksums
Details

A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA384 or SHA512 checksum tags, leading to memory corruption and a denial of service (DoS) in the affected system.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/9xxx/CVE-2026-9150.json",
    "cna_assigner": "redhat",
    "cwe_ids": [
        "CWE-121"
    ]
}
References

Affected packages

Git / github.com/opensuse/libsolv

Affected ranges

Type
GIT
Repo
https://github.com/opensuse/libsolv
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:opensuse:libsolv:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.7.36"
        }
    ]
}

Affected versions

0.*
0.6.10
0.6.11
0.6.12
0.6.13
0.6.14
0.6.15
0.6.16
0.6.17
0.6.18
0.6.19
0.6.20
0.6.21
0.6.22
0.6.23
0.6.24
0.6.25
0.6.26
0.6.27
0.6.28
0.6.29
0.6.30
0.6.31
0.6.32
0.6.33
0.6.34
0.6.35
0.6.4
0.6.5
0.6.6
0.6.7
0.6.8
0.6.9
0.7.0
0.7.1
0.7.10
0.7.11
0.7.12
0.7.13
0.7.14
0.7.15
0.7.16
0.7.17
0.7.18
0.7.19
0.7.2
0.7.20
0.7.21
0.7.22
0.7.23
0.7.24
0.7.25
0.7.26
0.7.27
0.7.28
0.7.29
0.7.3
0.7.30
0.7.31
0.7.32
0.7.33
0.7.34
0.7.35
0.7.36
0.7.4
0.7.5
0.7.6
0.7.7
0.7.8
0.7.9
Other
BASE-SuSE-Code-12_1-Branch
BASE-SuSE-Code-12_2-Branch
BASE-SuSE-Code-12_3-Branch
BASE-SuSE-Code-13_1-Branch

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-9150.json"