CVE-2025-5918
- Source
- https://cve.org/CVERecord?id=CVE-2025-5918
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-5918.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-5918
- Downstream
- Related
- Published
- 2025-06-09T19:49:13.544Z
- Modified
- 2026-05-15T11:53:18.765502639Z
- Severity
-
- 3.9 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L CVSS Calculator
- Summary
- Libarchive: reading past eof may be triggered for piped file streams
- Details
-
A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.
- Database specific
{ "cwe_ids": [ "CWE-125" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/5xxx/CVE-2025-5918.json", "cna_assigner": "redhat" }- References
-
- https://access.redhat.com/downloads/content/package-browser/
- https://github.com/libarchive/libarchive/
- https://github.com/libarchive/libarchive/releases/tag/v3.8.0
- https://access.redhat.com/security/cve/CVE-2025-5918
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/5xxx/CVE-2025-5918.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-5918
- https://bugzilla.redhat.com/show_bug.cgi?id=2370877
- https://github.com/libarchive/libarchive/pull/2584