CVE-2025-5914
BaseFortify
Publication date: 2025-06-09
Last updated on: 2026-02-05
Assigner: Red Hat, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| redhat | enterprise_linux | 8.0 |
| libarchive | libarchive | all versions before 3.8.0 (3.8.0 itself excluded) |
| redhat | openshift_container_platform | 4.0 |
| redhat | enterprise_linux | 6.0 |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 10.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-415 | The product calls free() twice on the same memory address. |
| CWE-190 | The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-5914 is a vulnerability in the libarchive library, specifically in the archive_read_format_rar_seek_data() function. It involves an integer overflow that leads to a double free condition, where memory is freed twice improperly. This happens because processing a large number of nodes causes an unsigned integer overflow, triggering a realloc call with zero size, which frees memory prematurely. When the system later tries to free the same memory again, it causes memory corruption. This flaw can be exploited to execute arbitrary code or cause a denial-of-service. [1, 2]
How can this vulnerability impact me?
This vulnerability can lead to memory corruption, which attackers can exploit to execute arbitrary code on the affected system or cause a denial-of-service condition, potentially crashing applications that use the vulnerable libarchive versions. The impact is considered low severity but can still compromise system stability or security if exploited. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of CVE-2025-5914 involves identifying usage of vulnerable libarchive versions prior to 3.8.0, especially when processing RAR archives. Since the vulnerability triggers on processing specially crafted RAR files that cause an integer overflow and double free, one detection method is to test the system with a proof-of-concept RAR archive designed to trigger the issue, as referenced in the patch discussion. Additionally, checking the installed libarchive version can be done with commands like `ldd --version` or querying the package manager, e.g., `rpm -q libarchive` on Red Hat-based systems or `dpkg -s libarchive` on Debian-based systems. Monitoring system logs for crashes or memory corruption related to archive processing tools like bsdtar may also help detect exploitation attempts. [2, 1]
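As an added example (not from the BaseFortify page or from the libarchive project), the version check above as a POSIX shell script: it asks rpm or dpkg for the installed libarchive version and compares it against the fixed release 3.8.0, stripping a Debian epoch and distribution suffixes so that packaged version strings compare correctly. The Debian package name libarchive13 and the rpm/dpkg query formats are assumptions about the target system.

```shell
#!/bin/sh
# Added example (not from the BaseFortify page or libarchive): report whether
# the installed libarchive is below 3.8.0, the release that fixes CVE-2025-5914.
FIXED_VERSION="3.8.0"

# version_lt A B: succeed (0) if dotted version A is older than B.
# A Debian epoch ("1:") and a distro suffix ("-1.el9", "+dfsg", "~rc1")
# are stripped first; missing components count as 0, so 3.8 equals 3.8.0.
version_lt() {
    a=$(printf '%s\n' "$1" | sed 's/^[0-9][0-9]*://; s/[-+~].*$//')
    b=$(printf '%s\n' "$2" | sed 's/^[0-9][0-9]*://; s/[-+~].*$//')
    printf '%s\n%s\n' "$a" "$b" | awk -F. '
        NR == 1 { for (i = 1; i <= NF; i++) a[i] = $i + 0; na = NF }
        NR == 2 { for (i = 1; i <= NF; i++) b[i] = $i + 0; nb = NF }
        END {
            n = (na > nb) ? na : nb
            for (i = 1; i <= n; i++) {
                if (a[i] < b[i]) exit 0   # numeric compare, so 3.10 > 3.8
                if (a[i] > b[i]) exit 1
            }
            exit 1                        # equal versions are not "older"
        }'
}

# check_libarchive VERSION: print "vulnerable" or "fixed" for that version.
check_libarchive() {
    if version_lt "$1" "$FIXED_VERSION"; then echo vulnerable; else echo fixed; fi
}

# libarchive_version: print the installed package version via rpm or dpkg.
# The Debian package name libarchive13 is an assumption about the target.
libarchive_version() {
    if command -v rpm >/dev/null 2>&1 &&
       v=$(rpm -q --qf '%{VERSION}\n' libarchive 2>/dev/null); then
        printf '%s\n' "$v" | head -n 1; return 0   # first entry if multilib
    fi
    if command -v dpkg-query >/dev/null 2>&1 &&
       v=$(dpkg-query -W -f '${Version}\n' libarchive13 2>/dev/null); then
        printf '%s\n' "$v"; return 0
    fi
    return 1
}

if v=$(libarchive_version); then
    echo "libarchive $v: $(check_libarchive "$v") (fix is $FIXED_VERSION)"
else
    echo "no libarchive package found; check bundled copies (e.g. bsdtar) separately" >&2
fi
```

A package manager only reports the system copy; applications that ship their own libarchive build must be checked separately.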
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade libarchive to version 3.8.0 or later, where the vulnerability has been fixed. Until the upgrade can be applied, avoid processing untrusted or specially crafted RAR archives with vulnerable versions of libarchive to reduce risk. Applying vendor patches or updates as soon as they become available is also recommended. [1, 2]