Medium severity 6.5 · NVD Advisory · Published May 21, 2026 · Updated Jun 2, 2026
CVE-2026-9149
Description
A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted .solv file containing negative size values in the repo_add_solv function. This leads to an undersized memory allocation and a subsequent out-of-bounds write. An attacker could exploit this to cause a denial of service (DoS).
Affected products: 53
- cpe:2.3:a:redhat:hardened_images:-:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:update_infrastructure:4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
- osv-coords (42 versions)
  - pkg:rpm/almalinux/libsolv (no CPE), range: < 0.7.33-5.el10_2.alma.1
  - pkg:rpm/almalinux/libsolv-devel (no CPE), range: < 0.7.33-5.el10_2.alma.1
  - pkg:rpm/almalinux/libsolv-tools (no CPE), range: < 0.7.33-5.el10_2.alma.1
  - pkg:rpm/almalinux/libsolv-tools-base (no CPE), range: < 0.7.33-5.el10_2.alma.1
  - pkg:rpm/almalinux/python3-solv (no CPE), range: < 0.7.33-5.el10_2.alma.1
  - pkg:rpm/opensuse/libsolv&distro=openSUSE%20Tumbleweed (no CPE), range: < 0.7.38-1.1
  - pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS (no CPE), range: < 0.7.39-150500.6.17.1
  - pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSS (no CPE), range: < 0.7.39-150500.6.17.1
  - pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Installer%20Updates%2015%20SP5 (no CPE), range: < 0.7.39-150500.6.17.1
  - pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Installer%20Updates%2015%20SP6 (no CPE), range: < 0.7.39-150600.8.24.1
  - pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 (no CPE), range: < 0.7.39-150500.6.17.1
  - pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7 (no CPE), range: < 0.7.39-150700.11.10.1
  - pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7 (no CPE), range: < 0.7.39-150700.11.10.1
  - pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP7 (no CPE), range: < 0.7.39-150700.11.10.1
  - pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS (no CPE), range: < 0.7.39-150500.6.17.1
  - pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSS (no CPE), range: < 0.7.39-150600.8.24.1
  - pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Server%2016.0 (no CPE), range: < 0.7.39-160000.1.1
  - pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5 (no CPE), range: < 0.7.39-150500.6.17.1
  - pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0 (no CPE), range: < 0.7.39-160000.1.1
  - pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Micro%206.2 (no CPE), range: < 0.7.39-160000.1.1
  - pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS (no CPE), range: < 17.38.13-150500.6.74.1
  - pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSS (no CPE), range: < 17.38.13-150500.6.74.1
  - pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Installer%20Updates%2015%20SP5 (no CPE), range: < 17.38.13-150500.6.74.1
  - pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Installer%20Updates%2015%20SP6 (no CPE), range: < 17.38.13-150600.3.92.1
  - pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 (no CPE), range: < 17.38.13-150500.6.74.1
  - pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7 (no CPE), range: < 17.38.13-150700.6.13.1
  - pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS (no CPE), range: < 17.38.13-150500.6.74.1
  - pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSS (no CPE), range: < 17.38.13-150600.3.92.1
  - pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Server%2016.0 (no CPE), range: < 17.38.13-160000.1.1
  - pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5 (no CPE), range: < 17.38.13-150500.6.74.1
  - pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0 (no CPE), range: < 17.38.13-160000.1.1
  - pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Micro%206.2 (no CPE), range: < 17.38.13-160000.1.1
  - pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS (no CPE), range: < 1.14.98-150500.6.45.1
  - pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSS (no CPE), range: < 1.14.98-150500.6.45.1
  - pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 (no CPE), range: < 1.14.98-150500.6.45.1
  - pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7 (no CPE), range: < 1.14.98-150700.13.6.1
  - pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS (no CPE), range: < 1.14.98-150500.6.45.1
  - pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSS (no CPE), range: < 1.14.98-150600.10.55.1
  - pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Server%2016.0 (no CPE), range: < 1.14.98-160000.1.1
  - pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5 (no CPE), range: < 1.14.98-150500.6.45.1
  - pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0 (no CPE), range: < 1.14.98-160000.1.1
  - pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Micro%206.2 (no CPE), range: < 1.14.98-160000.1.1
References: 3
- github.com/openSUSE/libsolv/pull/617 (nvd: Issue Tracking, Patch)
- access.redhat.com/security/cve/CVE-2026-9149 (nvd: Third Party Advisory)
- bugzilla.redhat.com/show_bug.cgi (nvd: Issue Tracking, Third Party Advisory)