CVE-2026-9150
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk29th percentile - higher than 29% of all known CVEs
Summary
A stack-based buffer overflow vulnerability was found in libsolv's Debian metadata parser when processing specially crafted repository metadata. An attacker can exploit malicious SHA384 or SHA512 checksum tags, causing memory corruption and denial of service (DoS).
Risk Assessment
The risk involves potential remote system crashes via crafted repository metadata, disrupting package manager operations and preventing software installation or updates.
Recommendation
Immediately update libsolv to the latest patched version. Restrict access to trusted Debian repositories and monitor metadata integrity.
Original NVD description (English source)
A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA384 or SHA512 checksum tags, leading to memory corruption and a denial of service (DoS) in the affected system.

