CVE-2025-5917
BaseFortify

Publication date: 2025-06-09

Last updated on: 2025-12-12

Assigner: Red Hat, Inc.

Description
A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.
Meta Information
Published: 2025-06-09
Last Modified: 2025-12-12
Generated: 2026-05-07
AI Q&A: 2025-06-09
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 7 associated CPEs

| Vendor | Product | Version / Range |
|---|---|---|
| libarchive | libarchive | up to 3.8.0 (exclusive) |
| redhat | openshift_container_platform | 4.0 |
| redhat | enterprise_linux | 6.0 |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 10.0 |
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-5917 is an off-by-one error vulnerability in the libarchive library, specifically in the function that builds file entry names for archives. It involves a miscalculation of prefix and suffix lengths when handling file paths, especially those with trailing slashes, which causes a one-byte buffer overflow. This overflow happens when writing the terminating null byte beyond the allocated buffer size, potentially corrupting adjacent memory. [1, 2]
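The length miscalculation described above, as a constructed C illustration of the bug class. This is an added example, not libarchive's code: the buffer size, function names and inputs are all assumptions. It contrasts a bounds check that forgets the terminating NUL with one that reserves a byte for it.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define DEST_CAP 16 /* constructed buffer size, not libarchive's */

/* Length of s with trailing '/' characters ignored (a lone "/" is kept). */
static size_t trimmed_len(const char *s) {
    size_t n = strlen(s);
    while (n > 1 && s[n - 1] == '/') n--;
    return n;
}

/* Flawed check: counts prefix, separator and suffix, but not the NUL. */
int fits_off_by_one(const char *prefix, const char *suffix, size_t cap) {
    return trimmed_len(prefix) + 1 + strlen(suffix) <= cap;
}

/* Corrected check: one extra byte is reserved for the terminating NUL. */
int fits_checked(const char *prefix, const char *suffix, size_t cap) {
    return trimmed_len(prefix) + 1 + strlen(suffix) + 1 <= cap;
}

/* Index at which the terminating NUL lands for this input. */
size_t nul_index(const char *prefix, const char *suffix) {
    return trimmed_len(prefix) + 1 + strlen(suffix);
}

/* Builds "prefix/suffix" in dest; returns 0 on success, -1 if it cannot fit. */
int build_name(char *dest, size_t cap, const char *prefix, const char *suffix) {
    size_t p = trimmed_len(prefix), s = strlen(suffix);
    if (!fits_checked(prefix, suffix, cap)) return -1;
    memcpy(dest, prefix, p);
    dest[p] = '/';
    memcpy(dest + p + 1, suffix, s);
    dest[p + 1 + s] = '\0';
    return 0;
}

int main(void) {
    const char *prefix = "dir1/sub////", *suffix = "file123"; /* constructed */
    char buf[DEST_CAP];
    printf("flawed check passes: %d, NUL index: %zu, capacity: %d\n",
           fits_off_by_one(prefix, suffix, DEST_CAP),
           nul_index(prefix, suffix), DEST_CAP);
    printf("hardened build_name: %d\n", build_name(buf, sizeof buf, prefix, suffix));
    return 0;
}
```

With the flawed check, the 16 name bytes fill the buffer exactly and the NUL would land at index 16, one byte past the end; the corrected check rejects the same input.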


How can this vulnerability impact me?

This vulnerability can lead to unpredictable program behavior or crashes due to memory corruption caused by the one-byte overflow. While the overflow is small, under certain conditions it could be used as a building block for more sophisticated exploits. Systems using vulnerable versions of libarchive on Linux could be affected, especially when processing specially crafted archive files with deeply nested directory structures. [1, 2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by triggering the one-byte overflow condition, for example by creating deeply nested directory structures with trailing slashes and then archiving them using libarchive tools like bsdtar. A sample command to reproduce the condition is: `mkdir -p foo/bar` followed by `bsdtar cvf test.tar foo////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////bar`. Additionally, compiling libarchive with Address Sanitizer or running it on systems enforcing strict memory safety (such as CHERI capability systems) can detect the overflow as a fault. [2]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include updating libarchive to a version that includes the fix for this vulnerability (post-April 26, 2025, or version 3.8.0 and later). The fix adjusts the buffer length calculations to prevent the one-byte overflow. Until an updated version is available, avoid processing archives with deeply nested directory structures containing trailing slashes that could trigger the overflow. [1, 2]

