Copyright © 2012 Red Hat, Inc. All rights reserved. Moderate 2026-05-20T22:19:32 libsolv: Heap buffer overflow in libsolv repo_add_solv via negative maxsize from crafted .solv file 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CWE-122

A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size values in the `repo_add_solv` function. This leads to an undersized memory allocation and a subsequent out-of-bounds write. An attacker could exploit this to cause a denial of service (DoS).

This Moderate impact heap buffer overflow in libsolv occurs when processing specially crafted `.solv` files with negative size values. Exploitation requires a victim to process attacker-controlled input, such as an untrusted `.solv` file, which can lead to a denial of service. The vulnerability is not easily exploitable without user interaction or specific application workflows that handle untrusted solvdb inputs. This issue was discovered by AISLE in partnership with Red Hat. To mitigate this issue, avoid processing untrusted `.solv` files with libsolv or any applications that consume `.solv` input. Ensure that all `.solv` data processed by the system originates from trusted sources only. Red Hat Enterprise Linux 10 Affected libsolv Red Hat Enterprise Linux 7 Fix deferred libsolv Red Hat Enterprise Linux 8 Fix deferred libsolv Red Hat Enterprise Linux 9 Fix deferred libsolv Red Hat Hardened Images Affected libsolv Red Hat OpenShift Container Platform 4 Fix deferred rhcos Red Hat Satellite 6 Fix deferred satellite-capsule:el8/libsolv Red Hat Update Infrastructure 4 for Cloud Providers Fix deferred libsolv https://www.cve.org/CVERecord?id=CVE-2026-9149 https://nvd.nist.gov/vuln/detail/CVE-2026-9149 https://github.com/openSUSE/libsolv/pull/617