CVE-2025-5918

Libarchive: reading past eof may be triggered for piped file streams

CVSS 3.9 LOWEPSS 0.3%CWE-125

A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L

Productos afectados

libarchiveRed Hat · Red Hat Enterprise Linux 10 Red Hat · Red Hat Enterprise Linux 6 Red Hat · Red Hat Enterprise Linux 7 Red Hat · Red Hat Enterprise Linux 8 Red Hat · Red Hat Enterprise Linux 9 Red Hat · Red Hat OpenShift Container Platform 4

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://access.redhat.com/security/cve/CVE-2025-5918 https://bugzilla.redhat.com/show_bug.cgi?id=2370877 https://github.com/libarchive/libarchive/pull/2584 https://github.com/libarchive/libarchive/releases/tag/v3.8.0