CVE-2025-5918

EUVD-2025-17573
A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.9 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 29%
Affected Products (NVD)
VendorProductVersion
libarchivelibarchive
𝑥
< 3.8.0
redhatopenshift_container_platform
4.0
redhatenterprise_linux
6.0
redhatenterprise_linux
7.0
redhatenterprise_linux
8.0
redhatenterprise_linux
9.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libarchive
bookworm
3.6.2-1+deb12u4
fixed
bookworm (security)
vulnerable
bullseye
vulnerable
bullseye (security)
3.4.3-2+deb11u4
fixed
forky
3.8.7-1
fixed
sid
3.8.7-1
fixed
trixie
3.7.4-4+deb13u1
fixed
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
bsdtar
suse enterprise sap 15 SP4
3.5.1-150400.3.21.1
fixed
suse enterprise sap 15 SP5
3.5.1-150400.3.21.1
fixed
suse enterprise server 15 SP4
3.5.1-150400.3.21.1
fixed
suse enterprise server 15 SP5
3.5.1-150400.3.21.1
fixed
libarchive-devel
suse enterprise desktop 15 SP6
3.7.2-150600.3.17.1
fixed
suse enterprise desktop 15 SP7
3.7.2-150600.3.17.1
fixed
suse enterprise sap 15 SP4
3.5.1-150400.3.21.1
fixed
suse enterprise sap 15 SP5
3.5.1-150400.3.21.1
fixed
suse enterprise sap 15 SP6
3.7.2-150600.3.17.1
fixed
suse enterprise sap 15 SP7
3.7.2-150600.3.17.1
fixed
suse enterprise server 15 SP4
3.5.1-150400.3.21.1
fixed
suse enterprise server 15 SP5
3.5.1-150400.3.21.1
fixed
suse enterprise server 15 SP6
3.7.2-150600.3.17.1
fixed
suse enterprise server 15 SP7
3.7.2-150600.3.17.1
fixed
libarchive13
suse enterprise desktop 15 SP6
3.7.2-150600.3.17.1
fixed
suse enterprise desktop 15 SP7
3.7.2-150600.3.17.1
fixed
suse enterprise sap 15 SP4
3.5.1-150400.3.21.1
fixed
suse enterprise sap 15 SP5
3.5.1-150400.3.21.1
fixed
suse enterprise sap 15 SP6
3.7.2-150600.3.17.1
fixed
suse enterprise sap 15 SP7
3.7.2-150600.3.17.1
fixed
suse enterprise server 15 SP4
3.5.1-150400.3.21.1
fixed
suse enterprise server 15 SP5
3.5.1-150400.3.21.1
fixed
suse enterprise server 15 SP6
3.7.2-150600.3.17.1
fixed
suse enterprise server 15 SP7
3.7.2-150600.3.17.1
fixed
Common Weakness Enumeration
References
https://access.redhat.com/security/cve/CVE-2025-5918
https://bugzilla.redhat.com/show_bug.cgi?id=2370877
https://github.com/libarchive/libarchive/pull/2584
https://github.com/libarchive/libarchive/releases/tag/v3.8.0