CVE-2026-5745
NULL Pointer Dereference in libarchive ACL Parsing Causes DoS
Publication date: 2026-04-07
Last updated on: 2026-05-03
Assigner: Red Hat, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 6.0 |
| redhat | enterprise_linux | 8.0 |
| redhat | openshift_container_platform | 4.0 |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 10.0 |
| libarchive | libarchive | * |
| redhat | hardened_images | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability causes a Denial of Service (DoS) by crashing applications using the libarchive API when processing malformed ACL strings. It does not involve unauthorized data access, data leakage, or modification.
Therefore, based on the provided information, this vulnerability does not directly impact compliance with common standards and regulations such as GDPR or HIPAA, which primarily focus on protecting data confidentiality, integrity, and privacy.
Can you explain this vulnerability to me?
CVE-2026-5745 is a vulnerability in libarchive related to how it parses Access Control List (ACL) strings. Specifically, the function archive_acl_from_text_nl() does not properly validate malformed ACL strings, such as a standalone "d" or "default" tag without the expected following fields. This improper validation causes a NULL pointer dereference when the function advances the pointer incorrectly.
An attacker can exploit this by crafting a malicious archive file that triggers this faulty ACL parsing logic. When an application using the libarchive API (like bsdtar) processes this malicious archive, it can crash due to the NULL pointer dereference, resulting in a Denial of Service (DoS).
How can this vulnerability impact me? :
This vulnerability can cause applications that use libarchive, such as bsdtar, to crash when processing specially crafted malicious archive files. The crash is due to a NULL pointer dereference in the ACL parsing logic, leading to a Denial of Service (DoS) condition.
As a result, systems or services relying on these applications may become unavailable or unstable, potentially disrupting operations or workflows that depend on archive processing.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves a NULL pointer dereference in the ACL parsing logic of libarchive when processing malformed ACL strings in archive files.
Detection can involve monitoring for crashes or Denial of Service (DoS) conditions in applications using libarchive, such as bsdtar, especially when handling archive files.
There are no specific commands provided in the available information to detect this vulnerability directly on your network or system.
What immediate steps should I take to mitigate this vulnerability?
The provided information does not specify immediate mitigation steps for this vulnerability.