CVE-2026-9149

Summary

A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted .solv file containing negative size values in the repo_add_solv function. This leads to an undersized memory allocation and a subsequent out-of-bounds write. An attacker could exploit this to cause a denial of service (DoS).

Affected Software

VendorProductVersion RangeStatus
Red HatRed Hat Enterprise Linux 100:0.7.33-5.el10_2 < *unaffected
Red HatRed Hat Hardened Images0.7.38-2.hum1 < *unaffected

Weaknesses

  • CWE-122: Heap-based Buffer Overflow

Workarounds

To mitigate this issue, avoid processing untrusted .solv files with libsolv or any applications that consume .solv input. Ensure that all .solv data processed by the system originates from trusted sources only.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References