{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-5918","assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","state":"PUBLISHED","assignerShortName":"redhat","dateReserved":"2025-06-09T08:11:22.154Z","datePublished":"2025-06-09T19:49:13.544Z","dateUpdated":"2026-01-08T03:56:18.543Z"},"containers":{"cna":{"title":"Libarchive: reading past eof may be triggered for piped file streams","metrics":[{"other":{"content":{"value":"Low","namespace":"https://access.redhat.com/security/updates/classification/"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"LOW","baseScore":3.9,"baseSeverity":"LOW","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L","version":"3.1"},"format":"CVSS"}],"descriptions":[{"lang":"en","value":"A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition."}],"affected":[{"versions":[{"status":"affected","version":"0","lessThan":"3.8.0","versionType":"semver"}],"packageName":"libarchive","collectionURL":"https://github.com/libarchive/libarchive/","defaultStatus":"unaffected"},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libarchive","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libarchive","defaultStatus":"unknown","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libarchive","defaultStatus":"unknown","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libarchive","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libarchive","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4"]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2025-5918","tags":["vdb-entry","x_refsource_REDHAT"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2370877","name":"RHBZ#2370877","tags":["issue-tracking","x_refsource_REDHAT"]},{"url":"https://github.com/libarchive/libarchive/pull/2584"},{"url":"https://github.com/libarchive/libarchive/releases/tag/v3.8.0"}],"datePublic":"2025-05-20T00:00:00.000Z","problemTypes":[{"descriptions":[{"cweId":"CWE-125","description":"Out-of-bounds Read","lang":"en","type":"CWE"}]}],"x_redhatCweChain":"CWE-125: Out-of-bounds Read","workarounds":[{"lang":"en","value":"Upgrade to libarchive version 3.8.0 or later, which includes important security fixes and stability improvements."}],"timeline":[{"lang":"en","time":"2025-06-06T19:27:09.090Z","value":"Reported to Red Hat."},{"lang":"en","time":"2025-05-20T00:00:00.000Z","value":"Made public."}],"providerMetadata":{"orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat","dateUpdated":"2026-01-08T03:56:18.543Z"},"x_generator":{"engine":"cvelib 1.8.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-06-10T13:44:05.687379Z","id":"CVE-2025-5918","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-06-10T14:06:30.905Z"}}]}}