rpm package
suse/libsolv&distro=SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-44942 | — | | | < 0.7.39-150500.6.17.1 | 0.7.39-150500.6.17.1 | Jun 18, 2026 | A path traversal in handling the "path" component of .repo files processed by libzypp before 17.38.13 in the 17.x series, or before 16.22.19 could be used by attackers to fill directories on the system outside of the zypp cache with content. |
| CVE-2026-48863 | imp | 7.5 | | < 0.7.39-150500.6.17.1 | 0.7.39-150500.6.17.1 | May 26, 2026 | libsolv: Stack-based buffer overflow in libsolv EdDSA PGP signature verification allows denial of service |
| CVE-2026-9149 | Med | 6.5 | | < 0.7.39-150500.6.17.1 | 0.7.39-150500.6.17.1 | May 21, 2026 | A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size values in the `repo_add_solv` function. This leads to an undersized memory allocation and a subsequent out-of-bounds write |
| CVE-2026-9150 | Med | 6.5 | | < 0.7.39-150500.6.17.1 | 0.7.39-150500.6.17.1 | May 20, 2026 | A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA384 or SHA512 checksum tags, leading to me |
| CVE-2026-44933 | Hig | 7.8 | | < 0.7.39-150500.6.17.1 | 0.7.39-150500.6.17.1 | May 20, 2026 | `PluginScript` attempts to `chroot` the plugin to the `repoManagerRoot`, this root is frequently `/` (the system root) in standard configurations or when using `--root`. If the chroot target is `/`, it is a no-op, allowing the traversed path to execute host binaries (like `/bin/b |