Nixpkgs security tracker

Login with GitHub

Suggestions search

Published
Filter by:
With package: libsolv

Found 2 matching suggestions

View:
Compact
Detailed
Permalink CVE-2026-9150
6.5 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): Required (R)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): Required (R)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): High (H)
updated 8 hours ago by @LeSuisse Activity log
  • Created suggestion 13 hours ago
  • @LeSuisse accepted 8 hours ago
  • @LeSuisse published on GitHub 8 hours ago
Libsolv: stack-based buffer overflow in libsolv's debian metadata parser when handling sha384/sha512 checksums

A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA384 or SHA512 checksum tags, leading to memory corruption and a denial of service (DoS) in the affected system.

References

Affected products

rhcos
libsolv
satellite-capsule:el8/libsolv

Matching in nixpkgs

Fixed in 0.7.37.

https://github.com/openSUSE/libsolv/commit/0de68ee047a69a5aae5186f8939bd1d31113aa2a
Permalink CVE-2026-9149
6.5 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): Required (R)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): Required (R)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): High (H)
updated 8 hours ago by @LeSuisse Activity log
  • Created suggestion 13 hours ago
  • @LeSuisse accepted 8 hours ago
  • @LeSuisse published on GitHub 8 hours ago
Libsolv: heap buffer overflow in libsolv repo_add_solv via negative maxsize from crafted .solv file

A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size values in the `repo_add_solv` function. This leads to an undersized memory allocation and a subsequent out-of-bounds write. An attacker could exploit this to cause a denial of service (DoS).

References

Affected products

rhcos
libsolv
satellite-capsule:el8/libsolv

Matching in nixpkgs

Patch: https://github.com/openSUSE/libsolv/commit/210386037c892a720972ad35a3d8f7073b4d763b