Analysis and contextual insights are available on OpenCVE Cloud.
Vendor Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
Tracking
Sign in to view the affected projects.
No advisories yet.
Thu, 16 Jul 2026 01:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | libsolv: Stack-based buffer overflow in libsolv EdDSA PGP signature verification allows denial of service | Libsolv: stack-based buffer overflow in libsolv eddsa pgp signature verification allows denial of service |
| First Time appeared |
Redhat
Redhat enterprise Linux Redhat hummingbird Redhat openshift Redhat rhui Redhat satellite |
|
| CPEs | cpe:/a:redhat:hummingbird:1 cpe:/a:redhat:openshift:4 cpe:/a:redhat:rhui:4::el8 cpe:/a:redhat:satellite:6 cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9 |
|
| Vendors & Products |
Redhat
Redhat enterprise Linux Redhat hummingbird Redhat openshift Redhat rhui Redhat satellite |
|
| References |
|
Sat, 30 May 2026 23:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Libsolv
Libsolv libsolv |
|
| Vendors & Products |
Libsolv
Libsolv libsolv |
Wed, 27 May 2026 00:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when copying EdDSA 's' MPI into a stack buffer. A remote attacker could craft a malicious Ed25519 PGP signature with mismatched MPI lengths. Processing this crafted signature could lead to a denial of service in automated package or repository processing workflows. | |
| Title | libsolv: Stack-based buffer overflow in libsolv EdDSA PGP signature verification allows denial of service | |
| Weaknesses | CWE-121 | |
| References |
| |
| Metrics |
threat_severity
|
cvssV3_1
|
Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2026-07-16T12:04:46.875Z
Reserved: 2026-05-25T20:59:30.305Z
Link: CVE-2026-48863
No data.
No data.
OpenCVE Enrichment
Updated: 2026-05-30T21:22:42Z