Medium severity6.5NVD Advisory· Published May 20, 2026· Updated Jun 2, 2026
CVE-2026-9150
CVE-2026-9150
Description
A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA384 or SHA512 checksum tags, leading to memory corruption and a denial of service (DoS) in the affected system.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
52- cpe:2.3:a:redhat:hardened_images:-:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:update_infrastructure:4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
- osv-coords42 versionspkg:rpm/almalinux/libsolvpkg:rpm/almalinux/libsolv-develpkg:rpm/almalinux/libsolv-toolspkg:rpm/almalinux/libsolv-tools-basepkg:rpm/almalinux/python3-solvpkg:rpm/opensuse/libsolv&distro=openSUSE%20Tumbleweedpkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Installer%20Updates%2015%20SP5pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Installer%20Updates%2015%20SP6pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP7pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSSpkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Micro%206.2pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Installer%20Updates%2015%20SP5pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Installer%20Updates%2015%20SP6pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSSpkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Micro%206.2pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSSpkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Micro%206.2
< 0.7.33-5.el10_2.alma.1+ 41 more
- (no CPE)range: < 0.7.33-5.el10_2.alma.1
- (no CPE)range: < 0.7.33-5.el10_2.alma.1
- (no CPE)range: < 0.7.33-5.el10_2.alma.1
- (no CPE)range: < 0.7.33-5.el10_2.alma.1
- (no CPE)range: < 0.7.33-5.el10_2.alma.1
- (no CPE)range: < 0.7.38-1.1
- (no CPE)range: < 0.7.39-150500.6.17.1
- (no CPE)range: < 0.7.39-150500.6.17.1
- (no CPE)range: < 0.7.39-150500.6.17.1
- (no CPE)range: < 0.7.39-150600.8.24.1
- (no CPE)range: < 0.7.39-150500.6.17.1
- (no CPE)range: < 0.7.39-150700.11.10.1
- (no CPE)range: < 0.7.39-150700.11.10.1
- (no CPE)range: < 0.7.39-150700.11.10.1
- (no CPE)range: < 0.7.39-150500.6.17.1
- (no CPE)range: < 0.7.39-150600.8.24.1
- (no CPE)range: < 0.7.39-160000.1.1
- (no CPE)range: < 0.7.39-150500.6.17.1
- (no CPE)range: < 0.7.39-160000.1.1
- (no CPE)range: < 0.7.39-160000.1.1
- (no CPE)range: < 17.38.13-150500.6.74.1
- (no CPE)range: < 17.38.13-150500.6.74.1
- (no CPE)range: < 17.38.13-150500.6.74.1
- (no CPE)range: < 17.38.13-150600.3.92.1
- (no CPE)range: < 17.38.13-150500.6.74.1
- (no CPE)range: < 17.38.13-150700.6.13.1
- (no CPE)range: < 17.38.13-150500.6.74.1
- (no CPE)range: < 17.38.13-150600.3.92.1
- (no CPE)range: < 17.38.13-160000.1.1
- (no CPE)range: < 17.38.13-150500.6.74.1
- (no CPE)range: < 17.38.13-160000.1.1
- (no CPE)range: < 17.38.13-160000.1.1
- (no CPE)range: < 1.14.98-150500.6.45.1
- (no CPE)range: < 1.14.98-150500.6.45.1
- (no CPE)range: < 1.14.98-150500.6.45.1
- (no CPE)range: < 1.14.98-150700.13.6.1
- (no CPE)range: < 1.14.98-150500.6.45.1
- (no CPE)range: < 1.14.98-150600.10.55.1
- (no CPE)range: < 1.14.98-160000.1.1
- (no CPE)range: < 1.14.98-150500.6.45.1
- (no CPE)range: < 1.14.98-160000.1.1
- (no CPE)range: < 1.14.98-160000.1.1
Patches
Vulnerability mechanics
References
3- github.com/openSUSE/libsolv/pull/616nvdIssue TrackingPatch
- access.redhat.com/security/cve/CVE-2026-9150nvdThird Party Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party Advisory
News mentions
0No linked articles in our index yet.