Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-25724

Опубликовано: 02 мар. 2025
Источник: debian
EPSS Низкий

Описание

list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
libarchivefixed3.8.4-1package

Примечания

  • https://github.com/Ekkosun/pocs/blob/main/bsdtarbug

  • https://github.com/libarchive/libarchive/issues/2529

  • Initial fix (incomplete): https://github.com/libarchive/libarchive/commit/c9bc934e7e91d302e0feca6e713ccc38d6d01532 (master)

  • Initial fix (incomplete): https://github.com/libarchive/libarchive/commit/8ce2aca6c7d6f004f860c6619cb6cc98d51ac69a (v3.7.8)

  • Proper fix proposal: https://github.com/libarchive/libarchive/issues/2710

  • Fixed by: https://github.com/libarchive/libarchive/commit/6bd863f61281aecf2e78737b08838d4a27cf1fcb

  • Fixed by: https://github.com/libarchive/libarchive/commit/044dd7366824535679c597c67011500db6fae43f (v3.8.2)

  • Crash in CLI tool, no security impact

EPSS

Процентиль: 2%
0.00013
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2025-25724

CVSS3: 4
ubuntu
11 месяцев назад

list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.

redhat логотип

CVE-2025-25724

CVSS3: 4
redhat
11 месяцев назад

list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.

nvd логотип

CVE-2025-25724

CVSS3: 4
nvd
11 месяцев назад

list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.

msrc логотип

CVE-2025-25724

CVSS3: 4
msrc
11 месяцев назад

list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.

rocky логотип

RLSA-2025:9431

rocky
4 месяца назад

Moderate: libarchive security update

EPSS

Процентиль: 2%
0.00013
Низкий