rpm package
opensuse/libsolv&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/libsolv&distro=openSUSE%20Tumbleweed
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-48863 | imp | 7.5 | | < 0.7.38-1.1 | 0.7.38-1.1 | May 26, 2026 | libsolv: Stack-based buffer overflow in libsolv EdDSA PGP signature verification allows denial of service |
| CVE-2026-9149 | Med | 6.5 | | < 0.7.38-1.1 | 0.7.38-1.1 | May 21, 2026 | A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size values in the `repo_add_solv` function. This leads to an undersized memory allocation and a subsequent out-of-bounds write |
| CVE-2026-9150 | Med | 6.5 | | < 0.7.38-1.1 | 0.7.38-1.1 | May 20, 2026 | A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA384 or SHA512 checksum tags, leading to me |
| CVE-2018-20532 | — | | | < 0.7.19-1.4 | 0.7.19-1.4 | Dec 28, 2018 | There is a NULL pointer dereference at ext/testcase.c (function testcase_read) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service. |