CVE-2025-5918
⚪ Do wiadomości
Błąd w bibliotece libarchive umożliwia odczyt poza końcem pliku, co może prowadzić do awarii.
CVSS
3.9
EPSS
0.3%
Exploit
none
Vendor
redhat
Opis źródłowy (NVD)
A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.
brak
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 3.9 |
| CISA KEV (aktywnie wykorzystywane) | Nie |
| FIRST EPSS (prawdopodobieństwo exploita) | 0.3% |
| Opublikowano (NVD) | 2025-06-09 20:15:27 UTC |
| Ostatnia modyfikacja (NVD) | 2026-06-25 08:16:28 UTC |
Referencje
- https://access.redhat.com/security/cve/CVE-2025-5918 (secalert@redhat.com) [Vendor Advisory]
- https://bugzilla.redhat.com/show_bug.cgi?id=2370877 (secalert@redhat.com) [Issue Tracking]
- https://github.com/libarchive/libarchive/pull/2584 (secalert@redhat.com) [Patch]
- https://github.com/libarchive/libarchive/releases/tag/v3.8.0 (secalert@redhat.com) [Release Notes]