CVE Catalog

CVE-2026-9150

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.37%

29th percentile - higher than 29% of all known CVEs

Summary

A stack-based buffer overflow vulnerability was found in libsolv's Debian metadata parser when processing specially crafted repository metadata. An attacker can exploit malicious SHA384 or SHA512 checksum tags, causing memory corruption and denial of service (DoS).

Risk Assessment

The risk involves potential remote system crashes via crafted repository metadata, disrupting package manager operations and preventing software installation or updates.

Recommendation

Immediately update libsolv to the latest patched version. Restrict access to trusted Debian repositories and monitor metadata integrity.

Original NVD description (English source)

A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA384 or SHA512 checksum tags, leading to memory corruption and a denial of service (DoS) in the affected system.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS