{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-5121","assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","state":"PUBLISHED","assignerShortName":"redhat","dateReserved":"2026-03-30T07:39:27.352Z","datePublished":"2026-03-30T07:47:28.562Z","dateUpdated":"2026-05-14T22:36:41.927Z"},"containers":{"cna":{"title":"Libarchive: libarchive: arbitrary code execution via integer overflow in iso9660 image processing","metrics":[{"other":{"content":{"value":"Moderate","namespace":"https://access.redhat.com/security/updates/classification/"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.1"},"format":"CVSS"}],"descriptions":[{"lang":"en","value":"A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for arbitrary code execution on the affected system."}],"affected":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7 Extended Lifecycle Support","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libarchive","defaultStatus":"affected","versions":[{"version":"0:3.1.2-14.el7_9.2","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/o:redhat:rhel_els:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libarchive","defaultStatus":"affected","versions":[{"version":"0:3.3.3-7.el8_10","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:enterprise_linux:8::crb","cpe:/o:redhat:enterprise_linux:8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.2 Advanced Update Support","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libarchive","defaultStatus":"affected","versions":[{"version":"0:3.3.2-8.el8_2.2","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/o:redhat:rhel_aus:8.2::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libarchive","defaultStatus":"affected","versions":[{"version":"0:3.3.3-1.el8_4.2","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/o:redhat:rhel_aus:8.4::baseos","cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libarchive","defaultStatus":"affected","versions":[{"version":"0:3.3.3-1.el8_4.2","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/o:redhat:rhel_aus:8.4::baseos","cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libarchive","defaultStatus":"affected","versions":[{"version":"0:3.3.3-6.el8_6.1","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_e4s:8.6::baseos","cpe:/o:redhat:rhel_tus:8.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Telecommunications Update Service","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libarchive","defaultStatus":"affected","versions":[{"version":"0:3.3.3-6.el8_6.1","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_e4s:8.6::baseos","cpe:/o:redhat:rhel_tus:8.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libarchive","defaultStatus":"affected","versions":[{"version":"0:3.3.3-6.el8_6.1","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_e4s:8.6::baseos","cpe:/o:redhat:rhel_tus:8.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Telecommunications Update Service","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libarchive","defaultStatus":"affected","versions":[{"version":"0:3.3.3-5.el8_8.2","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/o:redhat:rhel_e4s:8.8::baseos","cpe:/o:redhat:rhel_tus:8.8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libarchive","defaultStatus":"affected","versions":[{"version":"0:3.3.3-5.el8_8.2","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/o:redhat:rhel_e4s:8.8::baseos","cpe:/o:redhat:rhel_tus:8.8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libarchive","defaultStatus":"affected","versions":[{"version":"0:3.5.3-9.el9_7","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/o:redhat:enterprise_linux:9::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libarchive","defaultStatus":"affected","versions":[{"version":"0:3.5.3-9.el9_7","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/o:redhat:enterprise_linux:9::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libarchive","defaultStatus":"affected","versions":[{"version":"0:3.5.3-2.el9_0.4","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:rhel_e4s:9.0::appstream","cpe:/o:redhat:rhel_e4s:9.0::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libarchive","defaultStatus":"affected","versions":[{"version":"0:3.5.3-5.el9_2.2","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:rhel_e4s:9.2::appstream","cpe:/o:redhat:rhel_e4s:9.2::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.4 Extended Update Support","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libarchive","defaultStatus":"affected","versions":[{"version":"0:3.5.3-5.el9_4","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:rhel_eus:9.4::appstream","cpe:/a:redhat:rhel_eus:9.4::crb","cpe:/o:redhat:rhel_eus:9.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.6 Extended Update Support","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libarchive","defaultStatus":"affected","versions":[{"version":"0:3.5.3-7.el9_6.1","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:rhel_eus:9.6::appstream","cpe:/o:redhat:rhel_eus:9.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.12","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","defaultStatus":"affected","versions":[{"version":"412.86.202604281506-0","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:openshift:4.12::el8"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.14","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","defaultStatus":"affected","versions":[{"version":"414.92.202605060243-0","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:openshift:4.14::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.15","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","defaultStatus":"affected","versions":[{"version":"415.92.202605060220-0","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:openshift:4.15::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.16","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","defaultStatus":"affected","versions":[{"version":"416.94.202604211449-0","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:openshift:4.16::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.18","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","defaultStatus":"affected","versions":[{"version":"418.94.202604240015-0","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:openshift:4.18::el9"]},{"vendor":"Red Hat","product":"RHEL-8 based Middleware Containers","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhpam-7/rhpam-businesscentral-monitoring-rhel8","defaultStatus":"affected","versions":[{"version":"7.13.5-4.1777325677","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:rhosemc:1.0::el8"]},{"vendor":"Red Hat","product":"RHEL-8 based Middleware Containers","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhpam-7/rhpam-businesscentral-rhel8","defaultStatus":"affected","versions":[{"version":"7.13.5-4.1777325711","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:rhosemc:1.0::el8"]},{"vendor":"Red Hat","product":"RHEL-8 based Middleware Containers","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhpam-7/rhpam-controller-rhel8","defaultStatus":"affected","versions":[{"version":"7.13.5-4.1777325710","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:rhosemc:1.0::el8"]},{"vendor":"Red Hat","product":"RHEL-8 based Middleware Containers","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhpam-7/rhpam-dashbuilder-rhel8","defaultStatus":"affected","versions":[{"version":"7.13.5-3.1777325680","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:rhosemc:1.0::el8"]},{"vendor":"Red Hat","product":"RHEL-8 based Middleware Containers","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhpam-7/rhpam-kieserver-rhel8","defaultStatus":"affected","versions":[{"version":"7.13.5-4.1777325709","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:rhosemc:1.0::el8"]},{"vendor":"Red Hat","product":"RHEL-8 based Middleware Containers","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhpam-7/rhpam-process-migration-rhel8","defaultStatus":"affected","versions":[{"version":"7.13.5-4.1777325680","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:rhosemc:1.0::el8"]},{"vendor":"Red Hat","product":"RHEL-8 based Middleware Containers","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhpam-7/rhpam-smartrouter-rhel8","defaultStatus":"affected","versions":[{"version":"7.13.5-4.1777325708","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:rhosemc:1.0::el8"]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server 3.3","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhaiis/model-opt-cuda-rhel9","defaultStatus":"affected","versions":[{"version":"1778244559","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:ai_inference_server:3.3::el9"]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server 3.3","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhaiis/vllm-rocm-rhel9","defaultStatus":"affected","versions":[{"version":"1778244531","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:ai_inference_server:3.3::el9"]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server 3.3","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhaiis/vllm-cuda-rhel9","defaultStatus":"affected","versions":[{"version":"1778274666","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:ai_inference_server:3.3::el9"]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server 3.3","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhaiis/vllm-spyre-rhel9","defaultStatus":"affected","versions":[{"version":"1778244546","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:ai_inference_server:3.3::el9"]},{"vendor":"Red Hat","product":"Red Hat Discovery 2","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"discovery/discovery-ui-rhel9","defaultStatus":"affected","versions":[{"version":"1778156756","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:discovery:2::el9"]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"libarchive-main","defaultStatus":"affected","versions":[{"version":"3.8.7-1.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:hummingbird:1"]},{"vendor":"Red Hat","product":"Red Hat Insights proxy 1.5","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"insights-proxy/insights-proxy-container-rhel9","defaultStatus":"affected","versions":[{"version":"1776868961","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:insights_proxy:1.5::el9"]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/cds-rhel9","defaultStatus":"affected","versions":[{"version":"1776868774","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:rhui:5::el9"]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/haproxy-rhel9","defaultStatus":"affected","versions":[{"version":"1776868744","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:rhui:5::el9"]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/installer-rhel9","defaultStatus":"affected","versions":[{"version":"1776868772","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:rhui:5::el9"]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/rhua-rhel9","defaultStatus":"affected","versions":[{"version":"1776868842","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:rhui:5::el9"]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/cds-kubernetes-tp-rhel9","defaultStatus":"affected","versions":[{"version":"1777459441","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:rhui:5::el9"]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/installer-tp-rhel9","defaultStatus":"affected","versions":[{"version":"1777454300","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:rhui:5::el9"]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/rhua-tp-rhel9","defaultStatus":"affected","versions":[{"version":"1777459504","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:rhui:5::el9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libarchive","defaultStatus":"unknown","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libarchive","defaultStatus":"unknown","cpes":["cpe:/o:redhat:enterprise_linux:6"]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:10065","name":"RHSA-2026:10065","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2026:10097","name":"RHSA-2026:10097","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2026:11768","name":"RHSA-2026:11768","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2026:12071","name":"RHSA-2026:12071","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2026:12274","name":"RHSA-2026:12274","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2026:13812","name":"RHSA-2026:13812","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2026:14773","name":"RHSA-2026:14773","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2026:14937","name":"RHSA-2026:14937","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2026:15087","name":"RHSA-2026:15087","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2026:16008","name":"RHSA-2026:16008","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2026:16009","name":"RHSA-2026:16009","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2026:16030","name":"RHSA-2026:16030","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2026:16174","name":"RHSA-2026:16174","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2026:8510","name":"RHSA-2026:8510","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2026:8517","name":"RHSA-2026:8517","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2026:8521","name":"RHSA-2026:8521","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2026:8534","name":"RHSA-2026:8534","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2026:8864","name":"RHSA-2026:8864","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2026:8866","name":"RHSA-2026:8866","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2026:8867","name":"RHSA-2026:8867","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2026:8873","name":"RHSA-2026:8873","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2026:8908","name":"RHSA-2026:8908","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2026:8944","name":"RHSA-2026:8944","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2026:9026","name":"RHSA-2026:9026","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2026:9592","name":"RHSA-2026:9592","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2026:9832","name":"RHSA-2026:9832","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/security/cve/CVE-2026-5121","tags":["vdb-entry","x_refsource_REDHAT"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2452945","name":"RHBZ#2452945","tags":["issue-tracking","x_refsource_REDHAT"]},{"url":"https://github.com/advisories/GHSA-2vwv-vqpv-v8vc"},{"url":"https://github.com/libarchive/libarchive/pull/2934"}],"datePublic":"2026-03-30T07:44:15.222Z","problemTypes":[{"descriptions":[{"cweId":"CWE-190","description":"Integer Overflow or Wraparound","lang":"en","type":"CWE"}]}],"x_redhatCweChain":"CWE-190: Integer Overflow or Wraparound","workarounds":[{"lang":"en","value":"To mitigate this issue, avoid processing untrusted ISO9660 images with applications that utilize `libarchive`. Users should only extract or read content from ISO images obtained from trusted sources."}],"timeline":[{"lang":"en","time":"2026-03-30T07:40:25.358Z","value":"Reported to Red Hat."},{"lang":"en","time":"2026-03-30T07:44:15.222Z","value":"Made public."}],"credits":[{"lang":"en","value":"Red Hat would like to thank Elhanan Haenel for reporting this issue."}],"providerMetadata":{"orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat","dateUpdated":"2026-05-14T22:36:41.927Z"},"x_generator":{"engine":"cvelib 1.8.0"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-190","lang":"en","description":"CWE-190 Integer Overflow or Wraparound"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":9.8,"attackVector":"NETWORK","baseSeverity":"CRITICAL","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","integrityImpact":"HIGH","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"NONE","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2026-03-31T03:55:34.402717Z","id":"CVE-2026-5121","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-03-31T13:52:02.886Z"}}]}}