HIGH | CVE-2026-48864 | CNA: redhat
CVE-2026-48864: Libsolv: heap buffer overflow in libsolv repopagestore via unchecked decompression of malicious .solv page data
A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within `.solv` files due to insufficient input validation. An attacker can provide a specially crafted `.solv` file, which, when processed by a vulnerable application, can lead to out-of-bounds memory access. This could result in information disclosure, alteration of program execution, or a denial of service.
Metrics
- CVSS v3.1: 7.8
- Severity: HIGH
- Fixed in: 0.7.38-2.hum1
- Affected Products: 8
Affected packages
- Red Hat / Red Hat Hardened Images (Fixed in 0.7.38-2.hum1)
- Red Hat / Red Hat Enterprise Linux 10
- Red Hat / Red Hat Enterprise Linux 7
- Red Hat / Red Hat Enterprise Linux 8
- Red Hat / Red Hat Enterprise Linux 9
- Red Hat / Red Hat OpenShift Container Platform 4
- Red Hat / Red Hat Satellite 6
- Red Hat / Red Hat Update Infrastructure 4 for Cloud Providers
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H