CVE-2026-48863
Gravedad CVSS v3.1:
ALTA
Tipo:
CWE-121
Desbordamiendo de búfer basado en pila (Stack)
Fecha de publicación:
16/07/2026
Última modificación:
16/07/2026
Descripción
*** Pendiente de traducción *** A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when copying EdDSA 's' MPI into a stack buffer. A remote attacker could craft a malicious Ed25519 PGP signature with mismatched MPI lengths. Processing this crafted signature could lead to a denial of service in automated package or repository processing workflows.
Impacto
Puntuación base 3.x
7.50
Gravedad 3.x
ALTA
Referencias a soluciones, herramientas e información
- https://access.redhat.com/security/cve/CVE-2026-48863
- https://bugzilla.redhat.com/show_bug.cgi?id=2460975
- https://github.com/openSUSE/libsolv/commit/44f8c085045b1f771641091bbb2b810d12cff9e8#diff-309f245ec9b669ec78b8159c39e6f50130b4d4a0448f742685f7833d04bc4caaR592
- https://access.redhat.com/security/cve/CVE-2026-48863
- https://bugzilla.redhat.com/show_bug.cgi?id=2460975
- https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-48863.json



