A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when copying EdDSA 's' MPI into a stack buffer. A remote attacker could craft a malicious Ed25519 PGP signature with mismatched MPI lengths. Processing this crafted signature could lead to a denial of service in automated package or repository processing workflows.

Project Subscriptions

Vendors Products
Libsolv Subscribe
Libsolv Subscribe
Enterprise Linux Subscribe
Hummingbird Subscribe
Openshift Subscribe
Satellite Subscribe
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.


Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

History

Sat, 18 Jul 2026 03:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 16 Jul 2026 01:00:00 +0000

Type Values Removed Values Added
Title libsolv: Stack-based buffer overflow in libsolv EdDSA PGP signature verification allows denial of service Libsolv: stack-based buffer overflow in libsolv eddsa pgp signature verification allows denial of service
First Time appeared Redhat
Redhat enterprise Linux
Redhat hummingbird
Redhat openshift
Redhat rhui
Redhat satellite
CPEs cpe:/a:redhat:hummingbird:1
cpe:/a:redhat:openshift:4
cpe:/a:redhat:rhui:4::el8
cpe:/a:redhat:satellite:6
cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
Redhat hummingbird
Redhat openshift
Redhat rhui
Redhat satellite
References

Sat, 30 May 2026 23:00:00 +0000

Type Values Removed Values Added
First Time appeared Libsolv
Libsolv libsolv
Vendors & Products Libsolv
Libsolv libsolv

Wed, 27 May 2026 00:15:00 +0000

Type Values Removed Values Added
Description A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when copying EdDSA 's' MPI into a stack buffer. A remote attacker could craft a malicious Ed25519 PGP signature with mismatched MPI lengths. Processing this crafted signature could lead to a denial of service in automated package or repository processing workflows.
Title libsolv: Stack-based buffer overflow in libsolv EdDSA PGP signature verification allows denial of service
Weaknesses CWE-121
References
Metrics threat_severity

None

cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Important


Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-07-18T02:39:45.746Z

Reserved: 2026-05-25T20:59:30.305Z

Link: CVE-2026-48863

cve-icon Vulnrichment

Updated: 2026-07-16T12:04:46.875Z

cve-icon NVD

No data.

cve-icon Redhat

Severity : Important

Publid Date: 2026-05-26T18:53:04Z

Links: CVE-2026-48863 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-30T21:22:42Z

Weaknesses