CVE-2025-5917
EUVD-2025-1757409.06.2025, 20:15
A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| libarchive | libarchive | 𝑥 < 3.8.0 |
| redhat | openshift_container_platform | 4.0 |
| redhat | enterprise_linux | 6.0 |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 10.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| libarchive |
|
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| bsdtar |
| ||||||||||||||||||||
| libarchive-devel |
| ||||||||||||||||||||
| libarchive13 |
|
Amazon Linux Releases
Amazon Package | |||||
|---|---|---|---|---|---|
| bsdcat |
| ||||
| bsdcat-debuginfo |
| ||||
| bsdcpio |
| ||||
| bsdcpio-debuginfo |
| ||||
| bsdtar |
| ||||
| bsdtar-debuginfo |
| ||||
| bsdunzip |
| ||||
| bsdunzip-debuginfo |
| ||||
| libarchive |
| ||||
| libarchive-debuginfo |
| ||||
| libarchive-debugsource |
| ||||
| libarchive-devel |
|
Azure Linux Releases
Common Weakness Enumeration