CVE-2025-5918

LOW

Libarchive < 3.8.0 - Out-of-Bounds Read

Title source: rule

Description

A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.

References (4)

Core 4

Core References

Vendor Advisory vdb-entry x_refsource_redhat

https://access.redhat.com/security/cve/CVE-2025-5918

Issue Tracking issue-tracking x_refsource_redhat

https://bugzilla.redhat.com/show_bug.cgi?id=2370877

Patch

https://github.com/libarchive/libarchive/pull/2584

Release Notes

https://github.com/libarchive/libarchive/releases/tag/v3.8.0

Scores

CVSS v3 3.9

EPSS 0.0011

EPSS Percentile 29.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-125

Status published

Products (6)

libarchive/libarchive < 3.8.0

redhat/enterprise_linux 6.0

redhat/enterprise_linux 7.0

redhat/enterprise_linux 8.0

redhat/enterprise_linux 9.0

redhat/openshift_container_platform 4.0

Published Jun 09, 2025

Tracked Since Feb 18, 2026