Vulnerability Description
A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Libarchive | Libarchive | < 3.8.0 |
| Redhat | Openshift Container Platform | 4.0 |
| Redhat | Enterprise Linux | 6.0 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/security/cve/CVE-2025-5918Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2370877Issue Tracking
- https://github.com/libarchive/libarchive/pull/2584Patch
- https://github.com/libarchive/libarchive/releases/tag/v3.8.0Release Notes
FAQ
What is CVE-2025-5918?
CVE-2025-5918 is a vulnerability with a CVSS score of 3.9 (LOW). A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-o...
How severe is CVE-2025-5918?
CVE-2025-5918 has been rated LOW with a CVSS base score of 3.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-5918?
Check the references section above for vendor advisories and patch information. Affected products include: Libarchive Libarchive, Redhat Openshift Container Platform, Redhat Enterprise Linux.