CVE-2025-5914

Published: 20 May 2025
Source: redhat
CVSS3: 7.3
EPSS: Low

Description

A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.

Report

The Red Hat Product Security team has rated this vulnerability as Important because it allows a local attacker with limited privileges to trigger a double-free in libarchive's RAR parser by providing a specially crafted RAR archive. Successful exploitation could result in code execution or application crashes.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | libarchive | Out of support scope | | |
| Red Hat OpenShift Container Platform 4 | rhcos | Affected | | |
| Red Hat Enterprise Linux 10 | libarchive | Fixed | RHSA-2025:14137 | 20.08.2025 |
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | libarchive | Fixed | RHSA-2025:14828 | 28.08.2025 |
| Red Hat Enterprise Linux 8 | libarchive | Fixed | RHSA-2025:14135 | 20.08.2025 |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | libarchive | Fixed | RHSA-2025:14528 | 25.08.2025 |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | libarchive | Fixed | RHSA-2025:14810 | 28.08.2025 |
| Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On | libarchive | Fixed | RHSA-2025:14810 | 28.08.2025 |
| Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | libarchive | Fixed | RHSA-2025:14808 | 28.08.2025 |
| Red Hat Enterprise Linux 8.6 Telecommunications Update Service | libarchive | Fixed | RHSA-2025:14808 | 28.08.2025 |

Additional information

Status: Important
Defect: CWE-190->CWE-415
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2370861 (libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c)

EPSS

Percentile: 17%
Score: 0.00054 (Low)

CVSS3: 7.3 High

Related vulnerabilities

CVSS3: 7.3
ubuntu
5 months ago

A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.

CVSS3: 7.3
nvd
5 months ago

A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.

CVSS3: 3.9
msrc
2 months ago

Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c

CVSS3: 7.3
debian
5 months ago

A vulnerability has been identified in the libarchive library, specifi ...

rocky
about 1 month ago

Important: libarchive security update
