CVE-2025-5918

Summary

A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.

Affected Software

VendorProductVersion RangeStatus
0 < 3.8.0affected

Weaknesses

  • CWE-125: Out-of-bounds Read

Workarounds

Upgrade to libarchive version 3.8.0 or later, which includes important security fixes and stability improvements.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References