What is GHSA-p4w9-3pj8-mhq7?

GHSA-p4w9-3pj8-mhq7 is a security advisory published by GitHub Security Advisories with Medium severity. A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's...

Which CVE IDs does GHSA-p4w9-3pj8-mhq7 cover?

GHSA-p4w9-3pj8-mhq7 covers the following CVE IDs: CVE-2026-9150. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-p4w9-3pj8-mhq7?

GHSA-p4w9-3pj8-mhq7 has a CVSS v3 base score of 6.5, published by GitHub Security Advisories.

GHSA-p4w9-3pj8-mhq7MediumCVSS 6.5

A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's...

Vendor

GitHub Security Advisories

Published

May 21, 2026

Last Modified

May 21, 2026

🔗 CVE IDs covered (1)

CVE-2026-9150 →

📋 Description

A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA384 or SHA512 checksum tags, leading to memory corruption and a denial of service (DoS) in the affected system.

🔗 References (5)

https://nvd.nist.gov/vuln/detail/CVE-2026-9150
https://github.com/openSUSE/libsolv/pull/616
https://access.redhat.com/security/cve/CVE-2026-9150
https://bugzilla.redhat.com/show_bug.cgi?id=2460379
https://github.com/advisories/GHSA-p4w9-3pj8-mhq7