
CVE-2025-5918

Libarchive: reading past eof may be triggered for piped file streams

Published: 6/9/2025 Last updated: 11/21/2025 Reserved: 6/9/2025

A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

| Version | Score | Severity | Vector String |
| --- | --- | --- | --- |
| 3.1 | 3.9 | Low | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L |

Opam packages affected (1)

conf-cpio

Products affected (13)

Product Vendor Version
Red Hat Enterprise Linux 9 Red Hat < 10.0.17763.4252
n/a
Red Hat Enterprise Linux 6 Red Hat 5.5 without patch ESXi550-201709101-SG
Red Hat Enterprise Linux 7 Red Hat <= 1.0.0
Red Hat Enterprise Linux 8 Red Hat DLink D-View8 1.0.2.13
Red Hat Enterprise Linux 9 Red Hat unspecified
Red Hat Enterprise Linux 10 Red Hat unspecified
104
Red Hat Enterprise Linux 10 Red Hat n/a
Red Hat Enterprise Linux 6 Red Hat 105
Red Hat Enterprise Linux 7 Red Hat n/a
Red Hat OpenShift Container Platform 4 Red Hat 106
Red Hat OpenShift Container Platform 4 Red Hat 12.x before 12.5.3

References (8)