CVE-2025-5918

A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.

CVSS v3 3.9 LOW

3.9^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.3 / Impact : 2.5

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2025-5918
https://bugzilla.redhat.com/show_bug.cgi?id=2370877
https://github.com/libarchive/libarchive/pull/2584
https://github.com/libarchive/libarchive/releases/tag/v3.8.0

Configurations

No configuration.

History

12 Jun 2025, 16:06

Type	Values Removed	Values Added
Summary		(es) Se ha identificado una vulnerabilidad en la librería libarchive. Esta falla puede activarse cuando se canalizan flujos de archivos a bsdtar, lo que podría permitir la lectura más allá del final del archivo. Esta lectura fuera de los límites puede tener consecuencias imprevistas, como un comportamiento impredecible del programa, corrupción de memoria o una condición de denegación de servicio.

09 Jun 2025, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-09 20:15

Updated : 2025-06-12 16:06

NVD link : CVE-2025-5918

Mitre link : CVE-2025-5918

CVE.ORG link : CVE-2025-5918

JSON object : View

Products Affected

No product.

CWE

CWE-125

Out-of-bounds Read

3.9 /10