{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-1632","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-02-24T07:00:31.296Z","datePublished":"2025-02-24T13:31:08.871Z","dateUpdated":"2025-02-24T14:25:32.542Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2025-02-24T13:31:08.871Z"},"title":"libarchive bsdunzip.c list null pointer dereference","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-476","lang":"en","description":"NULL Pointer Dereference"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-404","lang":"en","description":"Denial of Service"}]}],"affected":[{"vendor":"n/a","product":"libarchive","versions":[{"version":"3.7.0","status":"affected"},{"version":"3.7.1","status":"affected"},{"version":"3.7.2","status":"affected"},{"version":"3.7.3","status":"affected"},{"version":"3.7.4","status":"affected"},{"version":"3.7.5","status":"affected"},{"version":"3.7.6","status":"affected"},{"version":"3.7.7","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."},{"lang":"de","value":"Es wurde eine Schwachstelle in libarchive bis 3.7.7 ausgemacht. Sie wurde als problematisch eingestuft. Betroffen hiervon ist die Funktion list der Datei bsdunzip.c. Durch Manipulation mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Der Angriff muss lokal erfolgen. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":4.8,"vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":3.3,"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseSeverity":"LOW"}},{"cvssV3_0":{"version":"3.0","baseScore":3.3,"vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseSeverity":"LOW"}},{"cvssV2_0":{"version":"2.0","baseScore":1.7,"vectorString":"AV:L/AC:L/Au:S/C:N/I:N/A:P"}}],"timeline":[{"time":"2025-02-24T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-02-24T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-02-24T08:05:38.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"rookie (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.296619","name":"VDB-296619 | libarchive bsdunzip.c list null pointer dereference","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.296619","name":"VDB-296619 | CTI Indicators (IOB, IOC, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.496460","name":"Submit #496460 | libarchive bsdunzip 3.77 NULL Pointer Dereference","tags":["third-party-advisory"]},{"url":"https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc","tags":["exploit"]}]},"adp":[{"references":[{"url":"https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc","tags":["exploit"]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-02-24T14:25:28.717759Z","id":"CVE-2025-1632","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-02-24T14:25:32.542Z"}}]}}