CVE-2025-5914

Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c

Published: 6/9/2025 Last updated: 4/20/2026 Reserved: 6/9/2025

A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version Score Severity Vector String
3.1 7.8 High CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Opam packages affected (1)

conf-cpio

Products affected (60)

Product Vendor Version
cert-manager operator for Red Hat OpenShift 1.16 Red Hat n/a
OpenShift Compliance Operator 1 Red Hat n/a
OpenShift Compliance Operator 1 Red Hat All Android releases from CAF using the Linux kernel
OpenShift Compliance Operator 1 Red Hat n/a
File Integrity Operator 1 Red Hat n/a
Red Hat Discovery 2 Red Hat n/a
Red Hat Insights proxy 1.5 Red Hat n/a
Red Hat Enterprise Linux 8.6 Telecommunications Update Service Red Hat n/a
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Red Hat n/a
Red Hat Enterprise Linux 8.8 Telecommunications Update Service Red Hat n/a
Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Red Hat n/a
Red Hat Enterprise Linux 9 Red Hat n/a
Red Hat Enterprise Linux 9 Red Hat n/a
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Red Hat n/a
Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Red Hat n/a
Red Hat Enterprise Linux 9.4 Extended Update Support Red Hat n/a
Red Hat Enterprise Linux 6 Red Hat n/a
Dell Integrated Remote Access Controller (iDRAC)
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat n/a
Red Hat Enterprise Linux 8 Red Hat n/a
Red Hat Enterprise Linux 7 Extended Lifecycle Support Red Hat n/a
Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Red Hat n/a
Red Hat Enterprise Linux 10 Red Hat n/a
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat n/a
Red Hat OpenShift sandboxed containers 1.1 Red Hat n/a
Red Hat OpenShift sandboxed containers 1.1 Red Hat n/a
Red Hat OpenShift sandboxed containers 1.1 Red Hat n/a
Red Hat OpenShift sandboxed containers 1.1 Red Hat n/a
Red Hat OpenShift sandboxed containers 1.1 Red Hat n/a
Red Hat OpenShift sandboxed containers 1.1 Red Hat n/a
Red Hat OpenShift sandboxed containers 1.1 Red Hat n/a
RHOSS-1.36-RHEL-8 Red Hat n/a
RHOSS-1.36-RHEL-8 Red Hat n/a
RHOSS-1.36-RHEL-8 Red Hat n/a
RHOSS-1.36-RHEL-8 Red Hat n/a
RHOSS-1.36-RHEL-8 Red Hat n/a
RHOSS-1.36-RHEL-8 Red Hat n/a
RHOSS-1.36-RHEL-8 Red Hat n/a
RHOSS-1.36-RHEL-8 Red Hat n/a
RHOSS-1.36-RHEL-8 Red Hat n/a
RHOSS-1.36-RHEL-8 Red Hat n/a
Red Hat OpenShift Container Platform 4.14 Red Hat n/a
Red Hat OpenShift Container Platform 4.20 Red Hat n/a
Red Hat OpenShift Container Platform 4.19 Red Hat n/a
Red Hat OpenShift Container Platform 4.18 Red Hat n/a
Red Hat OpenShift Container Platform 4.17 Red Hat n/a
Red Hat OpenShift Container Platform 4.16 Red Hat n/a
Red Hat OpenShift Container Platform 4.15 Red Hat 24.11.27
Red Hat OpenShift distributed tracing 3.5.1 Red Hat n/a
Red Hat OpenShift distributed tracing 3.5.1 Red Hat n/a
Red Hat OpenShift distributed tracing 3.5.1 Red Hat n/a
Red Hat OpenShift distributed tracing 3.5.1 Red Hat = 1.7.0
Red Hat OpenShift distributed tracing 3.5.1 Red Hat n/a
Red Hat OpenShift distributed tracing 3.5.1 Red Hat n/a
Red Hat OpenShift distributed tracing 3.5.1 Red Hat n/a
Red Hat OpenShift distributed tracing 3.5.1 Red Hat n/a
Red Hat OpenShift distributed tracing 3.5.1 Red Hat n/a
Red Hat Web Terminal 1.11 on RHEL 9 Red Hat n/a
Red Hat Web Terminal 1.12 on RHEL 9 Red Hat n/a
Red Hat Web Terminal 1.11 on RHEL 9 Red Hat n/a

References (33)