Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-5918

A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.

Published

2025-06-09T20:15:27.493

Last Modified

2025-08-15T18:35:04.390

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 3.9 (LOW)

Weaknesses

Type: Secondary
CWE-125

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	libarchive	libarchive	< 3.8.0	Yes
Application	redhat	openshift_container_platform	4.0	Yes
Operating System	redhat	enterprise_linux	6.0	Yes
Operating System	redhat	enterprise_linux	7.0	Yes
Operating System	redhat	enterprise_linux	8.0	Yes
Operating System	redhat	enterprise_linux	9.0	Yes

References

https://access.redhat.com/security/cve/CVE-2025-5918 Vendor Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=2370877 Issue Tracking ([email protected])
https://github.com/libarchive/libarchive/pull/2584 Patch ([email protected])
https://github.com/libarchive/libarchive/releases/tag/v3.8.0 Release Notes ([email protected])