Buffer Overflow Vulnerability in libsolv Affecting Remote Package Processing
CVE-2026-48863
7.5HIGH
Key Information:
- Vendor
Opensuse
- Vendor
- CVE Published:
- 16 July 2026
What is CVE-2026-48863?
A buffer overflow flaw has been identified in the PGP verification component of libsolv, which arises from improper handling of lengths during the copying of EdDSA 's' MPI into a stack buffer. This vulnerability allows a remote attacker to create a malicious Ed25519 PGP signature with mismatched MPI lengths. If this crafted signature is processed within automated package or repository workflows, it could potentially disrupt service and lead to a denial of service scenario.
Affected Version(s)
libsolv 0.6.4 < 0.7.38
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
This issue was discovered by AISLE Research and AISLE in partnership with Red Hat.