Description
A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when copying EdDSA 's' MPI into a stack buffer. A remote attacker could craft a malicious Ed25519 PGP signature with mismatched MPI lengths. Processing this crafted signature could lead to a denial of service in automated package or repository processing workflows.
Published: 2026-07-16
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

Vendor Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 16 Jul 2026 01:00:00 +0000

Type Values Removed Values Added
Title libsolv: Stack-based buffer overflow in libsolv EdDSA PGP signature verification allows denial of service Libsolv: stack-based buffer overflow in libsolv eddsa pgp signature verification allows denial of service
First Time appeared Redhat
Redhat enterprise Linux
Redhat hummingbird
Redhat openshift
Redhat rhui
Redhat satellite
CPEs cpe:/a:redhat:hummingbird:1
cpe:/a:redhat:openshift:4
cpe:/a:redhat:rhui:4::el8
cpe:/a:redhat:satellite:6
cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
Redhat hummingbird
Redhat openshift
Redhat rhui
Redhat satellite
References

Sat, 30 May 2026 23:00:00 +0000

Type Values Removed Values Added
First Time appeared Libsolv
Libsolv libsolv
Vendors & Products Libsolv
Libsolv libsolv

Wed, 27 May 2026 00:15:00 +0000

Type Values Removed Values Added
Description A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when copying EdDSA 's' MPI into a stack buffer. A remote attacker could craft a malicious Ed25519 PGP signature with mismatched MPI lengths. Processing this crafted signature could lead to a denial of service in automated package or repository processing workflows.
Title libsolv: Stack-based buffer overflow in libsolv EdDSA PGP signature verification allows denial of service
Weaknesses CWE-121
References
Metrics threat_severity

None

cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Important


Subscriptions

Libsolv Libsolv
Redhat Enterprise Linux Hummingbird Openshift Rhui Satellite
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-07-16T12:04:46.875Z

Reserved: 2026-05-25T20:59:30.305Z

Link: CVE-2026-48863

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Important

Publid Date: 2026-05-26T18:53:04Z

Links: CVE-2026-48863 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-30T21:22:42Z

Weaknesses