Buffer Overflow Vulnerability in libsolv Affecting Remote Package Processing
CVE-2026-48863

7.5HIGH

What is CVE-2026-48863?

A buffer overflow flaw has been identified in the PGP verification component of libsolv, which arises from improper handling of lengths during the copying of EdDSA 's' MPI into a stack buffer. This vulnerability allows a remote attacker to create a malicious Ed25519 PGP signature with mismatched MPI lengths. If this crafted signature is processed within automated package or repository workflows, it could potentially disrupt service and lead to a denial of service scenario.

Affected Version(s)

libsolv 0.6.4 < 0.7.38

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

This issue was discovered by AISLE Research and AISLE in partnership with Red Hat.
.