CVE-2025-1632

Name: CVE-2025-1632
Description: A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
NVD Severity: medium

References

| Type | URI |
| --- | --- |
| exploit | https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc |
| signature | https://vuldb.com/?ctiid.296619 |
| vdb-entry | https://vuldb.com/?id.296619 |
| third-party-advisory | https://vuldb.com/?submit.496460 |

Match rules

| CPE URI | Source package | Min version | Max version |
| --- | --- | --- | --- |
| | libarchive | == 3.7.0 | == 3.7.0 |
| | libarchive | == 3.7.1 | == 3.7.1 |
| | libarchive | == 3.7.2 | == 3.7.2 |
| | libarchive | == 3.7.3 | == 3.7.3 |
| | libarchive | == 3.7.4 | == 3.7.4 |
| | libarchive | == 3.7.5 | == 3.7.5 |
| | libarchive | == 3.7.6 | == 3.7.6 |
| | libarchive | == 3.7.7 | == 3.7.7 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
| --- | --- | --- | --- | --- |
| libarchive | edge-main | 3.7.7-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |