CVE-2025-5917

Name
CVE-2025-5917
Description
A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior or crashes, or, in specific circumstances, it could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.
NVD Severity
unknown

References

| Type | URI |
| --- | --- |
| vdb-entry | https://access.redhat.com/security/cve/CVE-2025-5917 |
| issue-tracking | https://bugzilla.redhat.com/show_bug.cgi?id=2370874 |
| secalert@redhat.com | https://github.com/libarchive/libarchive/pull/2588 |
| secalert@redhat.com | https://github.com/libarchive/libarchive/releases/tag/v3.8.0 |

Match rules

| CPE URI | Source package | Min version | Max version |
| --- | --- | --- | --- |
| `cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:*:*:*` | libarchive | >= None | < 3.8.0 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
| --- | --- | --- | --- | --- |
| libarchive | edge-main | 3.7.9-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| libarchive | edge-main | 3.7.7-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| libarchive | edge-main | 3.7.5-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| libarchive | edge-main | 3.7.4-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| libarchive | edge-main | 3.6.1-r2 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| libarchive | edge-main | 3.6.1-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| libarchive | edge-main | 3.6.0-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| libarchive | edge-main | 3.5.2-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| libarchive | edge-main | 3.4.2-r0 | None | possibly vulnerable |
| libarchive | edge-main | 3.4.0-r0 | None | possibly vulnerable |
| libarchive | edge-main | 3.3.2-r1 | None | possibly vulnerable |
| libarchive | 3.22-main | 3.7.9-r0 | None | possibly vulnerable |
| libarchive | 3.22-main | 3.7.5-r0 | None | possibly vulnerable |
| libarchive | 3.22-main | 3.7.4-r0 | None | possibly vulnerable |
| libarchive | 3.22-main | 3.6.1-r2 | None | possibly vulnerable |
| libarchive | 3.22-main | 3.6.1-r0 | None | possibly vulnerable |
| libarchive | 3.22-main | 3.6.0-r0 | None | possibly vulnerable |
| libarchive | 3.22-main | 3.4.2-r0 | None | possibly vulnerable |
| libarchive | 3.22-main | 3.4.0-r0 | None | possibly vulnerable |
| libarchive | 3.22-main | 3.3.2-r1 | None | possibly vulnerable |
| libarchive | 3.21-main | 3.7.9-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| libarchive | 3.21-main | 3.7.7-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| libarchive | 3.21-main | 3.7.5-r0 | None | possibly vulnerable |
| libarchive | 3.21-main | 3.7.4-r0 | None | possibly vulnerable |
| libarchive | 3.21-main | 3.6.1-r2 | None | possibly vulnerable |
| libarchive | 3.21-main | 3.6.1-r0 | None | possibly vulnerable |
| libarchive | 3.21-main | 3.6.0-r0 | None | possibly vulnerable |
| libarchive | 3.21-main | 3.4.2-r0 | None | possibly vulnerable |
| libarchive | 3.21-main | 3.4.0-r0 | None | possibly vulnerable |
| libarchive | 3.21-main | 3.3.2-r1 | None | possibly vulnerable |
| libarchive | 3.20-main | 3.7.9-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| libarchive | 3.20-main | 3.7.7-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| libarchive | 3.20-main | 3.7.5-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| libarchive | 3.20-main | 3.7.4-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| libarchive | 3.20-main | 3.6.1-r2 | None | possibly vulnerable |
| libarchive | 3.20-main | 3.6.1-r0 | None | possibly vulnerable |
| libarchive | 3.20-main | 3.6.0-r0 | None | possibly vulnerable |
| libarchive | 3.20-main | 3.4.2-r0 | None | possibly vulnerable |
| libarchive | 3.20-main | 3.4.0-r0 | None | possibly vulnerable |
| libarchive | 3.20-main | 3.3.2-r1 | None | possibly vulnerable |
| libarchive | 3.19-main | 3.7.9-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| libarchive | 3.19-main | 3.7.7-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| libarchive | 3.19-main | 3.7.5-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| libarchive | 3.19-main | 3.7.4-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| libarchive | 3.19-main | 3.6.1-r2 | None | possibly vulnerable |
| libarchive | 3.19-main | 3.6.1-r0 | None | possibly vulnerable |
| libarchive | 3.19-main | 3.6.0-r0 | None | possibly vulnerable |
| libarchive | 3.19-main | 3.4.2-r0 | None | possibly vulnerable |
| libarchive | 3.19-main | 3.4.0-r0 | None | possibly vulnerable |
| libarchive | 3.19-main | 3.3.2-r1 | None | possibly vulnerable |