HIGH🇵🇱 Wersja polska

CVE-2026-48864

CVSS 7.8v3.1pub. 2026-05-26upd. 2026-06-24

A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within `.solv` files due to insufficient input validation. An attacker can provide a specially crafted `.solv` file, which, when processed by a vulnerable application, can lead to out-of-bounds memory access. This could result in information disclosure, alteration of program execution, or a denial of service.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Opensuse Libsolv

    APP
    Opensuse
    0.7.36
  • Red Hat Enterprise Linux

    OS
    Redhat
    10.07.08.09.0
  • Red Hat Hardened Images

    APP
    Redhat
    wszystkie wersje
  • Red Hat OpenShift Container Platform

    APP
    Redhat
    4.0
  • Red Hat Satellite

    APP
    Redhat
    6.0
  • Red Hat Update Infrastructure

    APP
    Redhat
    4
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
DoSMemory
CWE
References

Related vulnerabilities

CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)

CVE-2021-40438CRITICAL9.0⚠ KEVten sam produkt

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remot...

CVE-2019-7609CRITICAL10.0⚠ KEVten sam produkt

Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. A...

CVE-2019-1003030CRITICAL9.9⚠ KEVten sam produkt

A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main...

CVE-2019-1003029CRITICAL9.9⚠ KEVten sam produkt

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/...