Untriaged
Permalink
CVE-2025-5918
3.9 LOW
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): REQUIRED
- Scope (S): UNCHANGED
- Confidentiality impact (C): LOW
- Integrity impact (I): NONE
- Availability impact (A): LOW
Libarchive: reading past eof may be triggered for piped file streams
A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.
References
- https://access.redhat.com/security/cve/CVE-2025-5918 x_refsource_REDHAT vdb-entry
- RHBZ#2370877 issue-tracking x_refsource_REDHAT
- https://github.com/libarchive/libarchive/pull/2584
- https://github.com/libarchive/libarchive/releases/tag/v3.8.0
- https://github.com/libarchive/libarchive/pull/2584
- https://github.com/libarchive/libarchive/releases/tag/v3.8.0
- https://access.redhat.com/security/cve/CVE-2025-5918 x_refsource_REDHAT vdb-entry
- RHBZ#2370877 issue-tracking x_refsource_REDHAT
- https://github.com/libarchive/libarchive/pull/2584
- https://github.com/libarchive/libarchive/releases/tag/v3.8.0
- https://access.redhat.com/security/cve/CVE-2025-5918 x_refsource_REDHAT vdb-entry
- RHBZ#2370877 issue-tracking x_refsource_REDHAT
- https://github.com/libarchive/libarchive/pull/2584
- https://github.com/libarchive/libarchive/releases/tag/v3.8.0
- https://access.redhat.com/security/cve/CVE-2025-5918 x_refsource_REDHAT vdb-entry
- RHBZ#2370877 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-5918 x_refsource_REDHAT vdb-entry
- RHBZ#2370877 issue-tracking x_refsource_REDHAT
- https://github.com/libarchive/libarchive/pull/2584
- https://github.com/libarchive/libarchive/releases/tag/v3.8.0
- https://access.redhat.com/security/cve/CVE-2025-5918 x_refsource_REDHAT vdb-entry
- RHBZ#2370877 issue-tracking x_refsource_REDHAT
- https://github.com/libarchive/libarchive/pull/2584
- https://github.com/libarchive/libarchive/releases/tag/v3.8.0
- https://access.redhat.com/security/cve/CVE-2025-5918 x_refsource_REDHAT vdb-entry
- RHBZ#2370877 issue-tracking x_refsource_REDHAT
- https://github.com/libarchive/libarchive/pull/2584
- https://github.com/libarchive/libarchive/releases/tag/v3.8.0
- https://access.redhat.com/security/cve/CVE-2025-5918 x_refsource_REDHAT vdb-entry
- RHBZ#2370877 issue-tracking x_refsource_REDHAT
- https://github.com/libarchive/libarchive/pull/2584
- https://github.com/libarchive/libarchive/releases/tag/v3.8.0
Affected products
rhcos
libarchive
- <3.8.0
Matching in nixpkgs
Package maintainers
-
@peterhoeg Peter Hoeg <peter@hoeg.com>
-
@dschrempf Dominik Schrempf <dominik.schrempf@gmail.com>
-
@minijackson Rémi Nicole <minijackson@riseup.net>
-
@cpages Carles Pagès <page@ruiec.cat>
-
@aanderse Aaron Andersen <aaron@fosslib.net>
-
@edwtjo Edward Tjörnhammar <ed@cflags.cc>
-
@nvmd Sergey Kazenyuk <kazenyuk@pm.me>
-
@jcumming Jack Cummings <jack@mudshark.org>