CVE-2025-5918
BaseFortify

Publication date: 2025-06-09

Last updated on: 2025-08-15

Assigner: Red Hat, Inc.

Description
A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.
Meta Information
Published: 2025-06-09
Last Modified: 2025-08-15
Generated: 2026-05-07
AI Q&A: 2025-06-09
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 6 associated CPEs (Vendor / Product / Version or Range)
libarchive / libarchive / all versions before 3.8.0 (3.8.0 excluded)
redhat / openshift_container_platform / 4.0
redhat / enterprise_linux / 6.0
redhat / enterprise_linux / 7.0
redhat / enterprise_linux / 8.0
redhat / enterprise_linux / 9.0
CWE
CWE-125: The product reads data past the end, or before the beginning, of the intended buffer.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-5918 is a vulnerability in the libarchive library where reading past the end of a file (EOF) can occur when processing piped archive streams, such as when using bsdtar. This out-of-bounds read happens because libarchive does not properly handle EOF conditions in piped streams, potentially causing unpredictable program behavior, memory corruption, or denial-of-service conditions. [1, 2]


How can this vulnerability impact me?

This vulnerability can lead to unintended consequences including unpredictable program behavior, memory corruption, or denial-of-service conditions when handling archive files. It may cause crashes or instability in applications that use libarchive to process piped archive streams, potentially affecting system reliability and security. [1, 2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring the use of libarchive tools like bsdtar when processing piped archive streams, especially looking for error messages indicating reading past EOF or truncated input files. Running bsdtar commands on suspect archives and observing error outputs such as "Truncated input file (needed X bytes, only Y available)" can help identify the issue. For example, you can test with a truncated RAR archive piped into bsdtar and check for these specific error messages. There are no specific network detection commands provided, but monitoring logs for such error messages during archive extraction is recommended. [2]
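The detection approach described in the answer above can be automated. The following script is an added example written for this page, not code from libarchive, bsdtar or BaseFortify. It does two things: it decides whether a host's libarchive version falls in the affected range given in this record (below 3.8.0), and it scans extraction logs for the "Truncated input file (needed X bytes, only Y available)" message quoted above, reporting the byte counts so truncated-stream events can be triaged. The version string is parsed from the usual shape of `bsdtar --version` output ("bsdtar A.B.C - libarchive A.B.C ..."); that format and the log lines below are assumptions and constructed samples, not data taken from the page.

```python
"""Defender-side checks for CVE-2025-5918 (libarchive read past EOF on piped streams)."""
import re
from typing import List, Optional, Tuple

# Affected range from the record: every libarchive version before 3.8.0 (3.8.0 itself is fixed).
FIXED_VERSION: Tuple[int, int, int] = (3, 8, 0)

# Error text quoted in the detection answer; X and Y are byte counts.
TRUNCATED_RE = re.compile(
    r"Truncated input file \(needed (\d+) bytes, only (\d+) available\)"
)

# Assumed shape of `bsdtar --version` output, e.g. "bsdtar 3.7.4 - libarchive 3.7.4 zlib/1.3 ...".
VERSION_RE = re.compile(r"libarchive (\d+)\.(\d+)\.(\d+)")

# Constructed sample inputs (not real captures).
SAMPLE_VERSION_OUTPUT = "bsdtar 3.7.4 - libarchive 3.7.4 zlib/1.3 liblzma/5.4.5"
SAMPLE_LOG = """\
2025-06-10T08:01:12Z extractor[4211]: bsdtar: x archive/ok.txt
2025-06-10T08:01:13Z extractor[4211]: bsdtar: Truncated input file (needed 4096 bytes, only 1024 available)
2025-06-10T08:01:13Z extractor[4211]: bsdtar: Error exit delayed from previous errors.
2025-06-10T08:02:40Z extractor[4219]: bsdtar: Truncated input file (needed 512 bytes, only 0 available)
"""


def parse_libarchive_version(version_output: str) -> Optional[Tuple[int, int, int]]:
    """Extract (major, minor, patch) of libarchive from bsdtar --version text, or None."""
    m = VERSION_RE.search(version_output)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_affected(version: Tuple[int, int, int]) -> bool:
    """True when the version lies in the affected range (strictly below 3.8.0)."""
    return version < FIXED_VERSION


def find_truncation_errors(log_text: str) -> List[Tuple[int, int, str]]:
    """Return (needed_bytes, available_bytes, line) for each truncated-input message."""
    hits: List[Tuple[int, int, str]] = []
    for line in log_text.splitlines():
        m = TRUNCATED_RE.search(line)
        if m:
            hits.append((int(m.group(1)), int(m.group(2)), line.strip()))
    return hits


def main() -> None:
    version = parse_libarchive_version(SAMPLE_VERSION_OUTPUT)
    if version is None:
        print("could not determine libarchive version")
    else:
        status = "AFFECTED (update to 3.8.0 or later)" if is_affected(version) else "not affected"
        print(f"libarchive {'.'.join(map(str, version))}: {status}")

    for needed, available, line in find_truncation_errors(SAMPLE_LOG):
        print(f"truncated stream: needed {needed} bytes, only {available} available -> {line}")


if __name__ == "__main__":
    main()
```

In practice, feed `parse_libarchive_version` the real output of `bsdtar --version` and point `find_truncation_errors` at the log source that captures bsdtar's stderr; a version in the affected range combined with recurring truncation messages on piped input is the signal to prioritise the update.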


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability immediately, update libarchive to version 3.8.0 or later, where the patch preventing reads past EOF has been applied. Avoid processing piped archive streams with vulnerable versions of libarchive. If updating is not immediately possible, carefully validate and avoid using truncated or corrupted archive files to reduce the risk of triggering the flaw. [1, 2]

