{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-5914","assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","state":"PUBLISHED","assignerShortName":"redhat","dateReserved":"2025-06-09T08:10:18.779Z","datePublished":"2025-06-09T19:53:48.923Z","dateUpdated":"2026-04-20T18:25:59.703Z"},"containers":{"cna":{"title":"Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c","metrics":[{"other":{"content":{"value":"Important","namespace":"https://access.redhat.com/security/updates/classification/"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS"}],"descriptions":[{"lang":"en","value":"A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition."}],"affected":[{"versions":[{"status":"affected","version":"0","lessThan":"3.8.0","versionType":"semver"}],"packageName":"libarchive","collectionURL":"https://github.com/libarchive/libarchive/","defaultStatus":"unaffected"},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libarchive","defaultStatus":"affected","versions":[{"version":"0:3.7.7-4.el10_0","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/o:redhat:enterprise_linux:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7 Extended Lifecycle Support","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libarchive","defaultStatus":"affected","versions":[{"version":"0:3.1.2-14.el7_9.1","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/o:redhat:rhel_els:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libarchive","defaultStatus":"affected","versions":[{"version":"0:3.3.3-6.el8_10","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/o:redhat:enterprise_linux:8::baseos","cpe:/a:redhat:enterprise_linux:8::crb"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.2 Advanced Update Support","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libarchive","defaultStatus":"affected","versions":[{"version":"0:3.3.2-8.el8_2.1","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/o:redhat:rhel_aus:8.2::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libarchive","defaultStatus":"affected","versions":[{"version":"0:3.3.3-1.el8_4.1","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/o:redhat:rhel_eus_long_life:8.4::baseos","cpe:/o:redhat:rhel_aus:8.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libarchive","defaultStatus":"affected","versions":[{"version":"0:3.3.3-1.el8_4.1","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/o:redhat:rhel_eus_long_life:8.4::baseos","cpe:/o:redhat:rhel_aus:8.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libarchive","defaultStatus":"affected","versions":[{"version":"0:3.3.3-6.el8_6","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/o:redhat:rhel_tus:8.6::baseos","cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_e4s:8.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Telecommunications Update Service","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libarchive","defaultStatus":"affected","versions":[{"version":"0:3.3.3-6.el8_6","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/o:redhat:rhel_tus:8.6::baseos","cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_e4s:8.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libarchive","defaultStatus":"affected","versions":[{"version":"0:3.3.3-6.el8_6","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/o:redhat:rhel_tus:8.6::baseos","cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_e4s:8.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Telecommunications Update Service","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libarchive","defaultStatus":"affected","versions":[{"version":"0:3.3.3-5.el8_8.1","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/o:redhat:rhel_tus:8.8::baseos","cpe:/o:redhat:rhel_e4s:8.8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libarchive","defaultStatus":"affected","versions":[{"version":"0:3.3.3-5.el8_8.1","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/o:redhat:rhel_tus:8.8::baseos","cpe:/o:redhat:rhel_e4s:8.8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libarchive","defaultStatus":"affected","versions":[{"version":"0:3.5.3-6.el9_6","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/o:redhat:enterprise_linux:9::baseos","cpe:/a:redhat:enterprise_linux:9::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libarchive","defaultStatus":"affected","versions":[{"version":"0:3.5.3-6.el9_6","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/o:redhat:enterprise_linux:9::baseos","cpe:/a:redhat:enterprise_linux:9::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libarchive","defaultStatus":"affected","versions":[{"version":"0:3.5.3-2.el9_0.1","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/o:redhat:rhel_e4s:9.0::baseos","cpe:/a:redhat:rhel_e4s:9.0::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libarchive","defaultStatus":"affected","versions":[{"version":"0:3.5.3-5.el9_2","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:rhel_e4s:9.2::appstream","cpe:/o:redhat:rhel_e4s:9.2::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.4 Extended Update Support","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libarchive","defaultStatus":"affected","versions":[{"version":"0:3.5.3-4.el9_4.1","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/o:redhat:rhel_eus:9.4::baseos","cpe:/a:redhat:rhel_eus:9.4::crb","cpe:/a:redhat:rhel_eus:9.4::appstream"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.14","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","defaultStatus":"affected","versions":[{"version":"414.92.202510211419-0","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:openshift:4.14::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.15","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","defaultStatus":"affected","versions":[{"version":"415.92.202601271320-0","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:openshift:4.15::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.16","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","defaultStatus":"affected","versions":[{"version":"416.94.202601071926-0","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:openshift:4.16::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.17","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","defaultStatus":"affected","versions":[{"version":"417.94.202510112152-0","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:openshift:4.17::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.18","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","defaultStatus":"affected","versions":[{"version":"418.94.202510230424-0","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:openshift:4.18::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.19","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","defaultStatus":"affected","versions":[{"version":"4.19.9.6.202510140714-0","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:openshift:4.19::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.20","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","defaultStatus":"affected","versions":[{"version":"4.20.9.6.202509251656-0","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:openshift:4.20::el9"]},{"vendor":"Red Hat","product":"Red Hat Web Terminal 1.11 on RHEL 9","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"web-terminal/web-terminal-rhel9-operator","defaultStatus":"affected","versions":[{"version":"1.11-19","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:webterminal:1.11::el9"]},{"vendor":"Red Hat","product":"Red Hat Web Terminal 1.11 on RHEL 9","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"web-terminal/web-terminal-tooling-rhel9","defaultStatus":"affected","versions":[{"version":"1.11-8","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:webterminal:1.11::el9"]},{"vendor":"Red Hat","product":"Red Hat Web Terminal 1.12 on RHEL 9","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"web-terminal/web-terminal-tooling-rhel9","defaultStatus":"affected","versions":[{"version":"1.12-4","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:webterminal:1.12::el9"]},{"vendor":"Red Hat","product":"RHOSS-1.36-RHEL-8","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-serverless-1/logic-data-index-ephemeral-rhel8","defaultStatus":"affected","versions":[{"version":"1.36.0-11","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:openshift_serverless:1.36::el8"]},{"vendor":"Red Hat","product":"RHOSS-1.36-RHEL-8","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-serverless-1/logic-data-index-postgresql-rhel8","defaultStatus":"affected","versions":[{"version":"1.36.0-11","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:openshift_serverless:1.36::el8"]},{"vendor":"Red Hat","product":"RHOSS-1.36-RHEL-8","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-serverless-1/logic-db-migrator-tool-rhel8","defaultStatus":"affected","versions":[{"version":"1.36.0-11","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:openshift_serverless:1.36::el8"]},{"vendor":"Red Hat","product":"RHOSS-1.36-RHEL-8","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-serverless-1/logic-jobs-service-ephemeral-rhel8","defaultStatus":"affected","versions":[{"version":"1.36.0-10","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:openshift_serverless:1.36::el8"]},{"vendor":"Red Hat","product":"RHOSS-1.36-RHEL-8","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-serverless-1/logic-jobs-service-postgresql-rhel8","defaultStatus":"affected","versions":[{"version":"1.36.0-10","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:openshift_serverless:1.36::el8"]},{"vendor":"Red Hat","product":"RHOSS-1.36-RHEL-8","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8","defaultStatus":"affected","versions":[{"version":"1.36.0-4","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:openshift_serverless:1.36::el8"]},{"vendor":"Red Hat","product":"RHOSS-1.36-RHEL-8","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-serverless-1/logic-management-console-rhel8","defaultStatus":"affected","versions":[{"version":"1.36.0-9","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:openshift_serverless:1.36::el8"]},{"vendor":"Red Hat","product":"RHOSS-1.36-RHEL-8","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-serverless-1/logic-rhel8-operator","defaultStatus":"affected","versions":[{"version":"1.36.0-18","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:openshift_serverless:1.36::el8"]},{"vendor":"Red Hat","product":"RHOSS-1.36-RHEL-8","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-serverless-1/logic-swf-builder-rhel8","defaultStatus":"affected","versions":[{"version":"1.36.0-11","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:openshift_serverless:1.36::el8"]},{"vendor":"Red Hat","product":"RHOSS-1.36-RHEL-8","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-serverless-1/logic-swf-devmode-rhel8","defaultStatus":"affected","versions":[{"version":"1.36.0-7","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:openshift_serverless:1.36::el8"]},{"vendor":"Red Hat","product":"cert-manager operator for Red Hat OpenShift 1.16","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"cert-manager/jetstack-cert-manager-rhel9","defaultStatus":"affected","versions":[{"version":"sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:cert_manager:1.16::el9"]},{"vendor":"Red Hat","product":"File Integrity Operator 1","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"compliance/openshift-file-integrity-rhel8-operator","defaultStatus":"affected","versions":[{"version":"sha256:364d11af112a5b1d3f28c9ea8b7aac678e111b9c7fca0516d61036904f318605","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:openshift_file_integrity_operator:1::el9"]},{"vendor":"Red Hat","product":"OpenShift Compliance Operator 1","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"compliance/openshift-compliance-must-gather-rhel8","defaultStatus":"affected","versions":[{"version":"sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:openshift_compliance_operator:1::el9"]},{"vendor":"Red Hat","product":"OpenShift Compliance Operator 1","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"compliance/openshift-compliance-openscap-rhel8","defaultStatus":"affected","versions":[{"version":"sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:openshift_compliance_operator:1::el9"]},{"vendor":"Red Hat","product":"OpenShift Compliance Operator 1","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"compliance/openshift-compliance-rhel8-operator","defaultStatus":"affected","versions":[{"version":"sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:openshift_compliance_operator:1::el9"]},{"vendor":"Red Hat","product":"Red Hat Discovery 2","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"discovery/discovery-server-rhel9","defaultStatus":"affected","versions":[{"version":"sha256:1c67d8d526ab4f2854947f7dccd8752a2efd414c0f1cbab17706fa91147e7cda","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:discovery:2::el9"]},{"vendor":"Red Hat","product":"Red Hat Insights proxy 1.5","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"insights-proxy/insights-proxy-container-rhel9","defaultStatus":"affected","versions":[{"version":"sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:insights_proxy:1.5::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift distributed tracing 3.5.1","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhosdt/jaeger-agent-rhel8","defaultStatus":"affected","versions":[{"version":"sha256:5604dbb58d5e31f399f41ae4bf7a766272bf091a4e1bd6e89d1b85d62b0db93a","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"]},{"vendor":"Red Hat","product":"Red Hat OpenShift distributed tracing 3.5.1","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhosdt/jaeger-all-in-one-rhel8","defaultStatus":"affected","versions":[{"version":"sha256:03b0aced2885356099971c8470add4b0f7732bcb380c74be3691d30c2894e5c0","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"]},{"vendor":"Red Hat","product":"Red Hat OpenShift distributed tracing 3.5.1","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhosdt/jaeger-collector-rhel8","defaultStatus":"affected","versions":[{"version":"sha256:86d400b195958c287846ae60d76d2ec277740da3d3de033c7e72ab9a42370b4b","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"]},{"vendor":"Red Hat","product":"Red Hat OpenShift distributed tracing 3.5.1","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhosdt/jaeger-es-index-cleaner-rhel8","defaultStatus":"affected","versions":[{"version":"sha256:1413caf075bae338e12199fc8a6f53c13b491c81e3ad36251a09bceee554955d","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"]},{"vendor":"Red Hat","product":"Red Hat OpenShift distributed tracing 3.5.1","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhosdt/jaeger-es-rollover-rhel8","defaultStatus":"affected","versions":[{"version":"sha256:6ceeba5ce034140d4144ead58de768d8f374aa3f1c4800855871c229ee1cd785","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"]},{"vendor":"Red Hat","product":"Red Hat OpenShift distributed tracing 3.5.1","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhosdt/jaeger-ingester-rhel8","defaultStatus":"affected","versions":[{"version":"sha256:044c58b2f2d18d5a20fd23dafc2db1ee6d6d48ac5c20706f176b8132d1d8ac96","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"]},{"vendor":"Red Hat","product":"Red Hat OpenShift distributed tracing 3.5.1","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhosdt/jaeger-operator-bundle","defaultStatus":"affected","versions":[{"version":"sha256:f250e39033d7cb1d786e5a7ec6798c25d4c5d8c6ecbcf6828915605fc4658da5","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"]},{"vendor":"Red Hat","product":"Red Hat OpenShift distributed tracing 3.5.1","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhosdt/jaeger-query-rhel8","defaultStatus":"affected","versions":[{"version":"sha256:35a048b43d21f9f05df76fc7cb5766eb1f708be1c0012f117fdc09851b8047e1","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"]},{"vendor":"Red Hat","product":"Red Hat OpenShift distributed tracing 3.5.1","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhosdt/jaeger-rhel8-operator","defaultStatus":"affected","versions":[{"version":"sha256:9b66a46b3a28084c45823268d1fa4ae953c50b996f3d265c5fc9f4bc3eb326b4","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"]},{"vendor":"Red Hat","product":"Red Hat OpenShift sandboxed containers 1.1","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9","defaultStatus":"affected","versions":[{"version":"sha256:24722900db1425bf0c27f6ad6f3fb7d79ff9ebc433bdab58423fa71bab76122b","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:confidential_compute_attestation:1.10::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift sandboxed containers 1.1","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9","defaultStatus":"affected","versions":[{"version":"sha256:7b7c0b42ff8814d9d0cfa1b0ec9e58aebe79bc5cfbc658384f026d8493ae6fbe","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:confidential_compute_attestation:1.10::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift sandboxed containers 1.1","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-sandboxed-containers/osc-monitor-rhel9","defaultStatus":"affected","versions":[{"version":"sha256:9ff002e628e5646b5ab3cc9201087847bea29569b4a1bc135b89d5c1a5f0a422","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:confidential_compute_attestation:1.10::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift sandboxed containers 1.1","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-sandboxed-containers/osc-must-gather-rhel9","defaultStatus":"affected","versions":[{"version":"sha256:6b2da66d287083cf823f6efd8d61ba6a1be10eb6ba8cda484dea4e2ab67ae108","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:confidential_compute_attestation:1.10::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift sandboxed containers 1.1","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-sandboxed-containers/osc-podvm-builder-rhel9","defaultStatus":"affected","versions":[{"version":"sha256:8f29671308ca658e32e97d5c3b482f7541aae1bca1b71f39b3276a9a334d8108","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:confidential_compute_attestation:1.10::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift sandboxed containers 1.1","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-sandboxed-containers/osc-podvm-payload-rhel9","defaultStatus":"affected","versions":[{"version":"sha256:59fb1f7f1653361d94f7d48b42d8fe19ed3263c1c78654837c11f2135544c1ac","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:confidential_compute_attestation:1.10::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift sandboxed containers 1.1","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-sandboxed-containers/osc-rhel9-operator","defaultStatus":"affected","versions":[{"version":"sha256:616297cf428a55918fad3653d7aca18fe3c1f622ff63ab9885991bd6dbc6ed65","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:confidential_compute_attestation:1.10::el9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libarchive","defaultStatus":"unknown","cpes":["cpe:/o:redhat:enterprise_linux:6"]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2025:14130","name":"RHSA-2025:14130","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2025:14135","name":"RHSA-2025:14135","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2025:14137","name":"RHSA-2025:14137","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2025:14141","name":"RHSA-2025:14141","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2025:14142","name":"RHSA-2025:14142","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2025:14525","name":"RHSA-2025:14525","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2025:14528","name":"RHSA-2025:14528","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2025:14594","name":"RHSA-2025:14594","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2025:14644","name":"RHSA-2025:14644","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2025:14808","name":"RHSA-2025:14808","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2025:14810","name":"RHSA-2025:14810","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2025:14828","name":"RHSA-2025:14828","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2025:15024","name":"RHSA-2025:15024","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2025:15397","name":"RHSA-2025:15397","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2025:15709","name":"RHSA-2025:15709","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2025:15827","name":"RHSA-2025:15827","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2025:15828","name":"RHSA-2025:15828","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2025:16524","name":"RHSA-2025:16524","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2025:18217","name":"RHSA-2025:18217","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2025:18218","name":"RHSA-2025:18218","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2025:18219","name":"RHSA-2025:18219","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2025:19041","name":"RHSA-2025:19041","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2025:19046","name":"RHSA-2025:19046","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2025:21885","name":"RHSA-2025:21885","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2025:21913","name":"RHSA-2025:21913","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2026:0326","name":"RHSA-2026:0326","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2026:0934","name":"RHSA-2026:0934","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2026:1541","name":"RHSA-2026:1541","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/security/cve/CVE-2025-5914","tags":["vdb-entry","x_refsource_REDHAT"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2370861","name":"RHBZ#2370861","tags":["issue-tracking","x_refsource_REDHAT"]},{"url":"https://github.com/libarchive/libarchive/pull/2598"},{"url":"https://github.com/libarchive/libarchive/releases/tag/v3.8.0"}],"datePublic":"2025-05-20T00:00:00.000Z","problemTypes":[{"descriptions":[{"cweId":"CWE-190","description":"Integer Overflow or Wraparound","lang":"en","type":"CWE"}]}],"x_redhatCweChain":"CWE-190: Integer Overflow or Wraparound","timeline":[{"lang":"en","time":"2025-06-06T17:58:25.491Z","value":"Reported to Red Hat."},{"lang":"en","time":"2025-05-20T00:00:00.000Z","value":"Made public."}],"providerMetadata":{"orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat","dateUpdated":"2026-04-20T18:25:59.703Z"},"x_generator":{"engine":"cvelib 1.8.0"}},"adp":[{"references":[{"url":"https://github.com/libarchive/libarchive/pull/2598","tags":["exploit"]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-06-10T15:14:35.773233Z","id":"CVE-2025-5914","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-06-10T15:30:42.589Z"}}]}}