Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-5917

Опубликовано: 20 мая 2025
Источник: redhat
CVSS3: 2.8
EPSS Низкий

Описание

A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation.

Меры по смягчению последствий

Upgrade to libarchive version 3.8.0 or later, which includes important security fixes and stability improvements.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10libarchiveFix deferred
Red Hat Enterprise Linux 6libarchiveOut of support scope
Red Hat Enterprise Linux 7libarchiveOut of support scope
Red Hat Enterprise Linux 8libarchiveFix deferred
Red Hat Enterprise Linux 9libarchiveFix deferred
Red Hat OpenShift Container Platform 4rhcosFix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-193->CWE-787
https://bugzilla.redhat.com/show_bug.cgi?id=2370874libarchive: Off by one error in build_ustar_entry_name() at archive_write_set_format_pax.c

EPSS

Процентиль: 2%
0.00015
Низкий

2.8 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-5917

CVSS3: 2.8
ubuntu
около 2 месяцев назад

A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation.

nvd логотип

CVE-2025-5917

CVSS3: 2.8
nvd
около 2 месяцев назад

A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation.

debian логотип

CVE-2025-5917

CVSS3: 2.8
debian
около 2 месяцев назад

A vulnerability has been identified in the libarchive library. This fl ...

github логотип

GHSA-29vm-vjqm-q2mx

CVSS3: 2.8
github
около 2 месяцев назад

A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation.

suse-cvrf логотип

SUSE-SU-2025:02566-1

suse-cvrf
7 дней назад

Security update for libarchive

EPSS

Процентиль: 2%
0.00015
Низкий

2.8 Low

CVSS3