A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00062.

Exploitation poc

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
unaffected
Version Status Constraints
0 affected < 3.8.0
Red Hat Red Hat Enterprise Linux 10 affected
Version Status Constraints
0:3.7.7-4.el10_0 unaffected < *
Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support affected
Version Status Constraints
0:3.1.2-14.el7_9.1 unaffected < *
Red Hat Red Hat Enterprise Linux 8 affected
Version Status Constraints
0:3.3.3-6.el8_10 unaffected < *
Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support affected
Version Status Constraints
0:3.3.2-8.el8_2.1 unaffected < *
Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support affected
Version Status Constraints
0:3.3.3-1.el8_4.1 unaffected < *
Red Hat Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On affected
Version Status Constraints
0:3.3.3-1.el8_4.1 unaffected < *
Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support affected
Version Status Constraints
0:3.3.3-6.el8_6 unaffected < *
Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service affected
Version Status Constraints
0:3.3.3-6.el8_6 unaffected < *
Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions affected
Version Status Constraints
0:3.3.3-6.el8_6 unaffected < *
Red Hat Red Hat Enterprise Linux 8.8 Telecommunications Update Service affected
Version Status Constraints
0:3.3.3-5.el8_8.1 unaffected < *
Red Hat Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions affected
Version Status Constraints
0:3.3.3-5.el8_8.1 unaffected < *
Red Hat Red Hat Enterprise Linux 9 affected
Version Status Constraints
0:3.5.3-6.el9_6 unaffected < *
Red Hat Red Hat Enterprise Linux 9 affected
Version Status Constraints
0:3.5.3-6.el9_6 unaffected < *
Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions affected
Version Status Constraints
0:3.5.3-2.el9_0.1 unaffected < *
Red Hat Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions affected
Version Status Constraints
0:3.5.3-5.el9_2 unaffected < *
Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support affected
Version Status Constraints
0:3.5.3-4.el9_4.1 unaffected < *
Red Hat Red Hat OpenShift Container Platform 4.14 affected
Version Status Constraints
414.92.202510211419-0 unaffected < *
Red Hat Red Hat OpenShift Container Platform 4.15 affected
Version Status Constraints
415.92.202601271320-0 unaffected < *
Red Hat Red Hat OpenShift Container Platform 4.16 affected
Version Status Constraints
416.94.202601071926-0 unaffected < *
Red Hat Red Hat OpenShift Container Platform 4.17 affected
Version Status Constraints
417.94.202510112152-0 unaffected < *
Red Hat Red Hat OpenShift Container Platform 4.18 affected
Version Status Constraints
418.94.202510230424-0 unaffected < *
Red Hat Red Hat OpenShift Container Platform 4.19 affected
Version Status Constraints
4.19.9.6.202510140714-0 unaffected < *
Red Hat Red Hat OpenShift Container Platform 4.20 affected
Version Status Constraints
4.20.9.6.202509251656-0 unaffected < *
Red Hat Red Hat Web Terminal 1.11 on RHEL 9 affected
Version Status Constraints
1.11-19 unaffected < *
Red Hat Red Hat Web Terminal 1.11 on RHEL 9 affected
Version Status Constraints
1.11-8 unaffected < *
Red Hat Red Hat Web Terminal 1.12 on RHEL 9 affected
Version Status Constraints
1.12-4 unaffected < *
Red Hat RHOSS-1.36-RHEL-8 affected
Version Status Constraints
1.36.0-11 unaffected < *
Red Hat RHOSS-1.36-RHEL-8 affected
Version Status Constraints
1.36.0-11 unaffected < *
Red Hat RHOSS-1.36-RHEL-8 affected
Version Status Constraints
1.36.0-11 unaffected < *
Red Hat RHOSS-1.36-RHEL-8 affected
Version Status Constraints
1.36.0-10 unaffected < *
Red Hat RHOSS-1.36-RHEL-8 affected
Version Status Constraints
1.36.0-10 unaffected < *
Red Hat RHOSS-1.36-RHEL-8 affected
Version Status Constraints
1.36.0-4 unaffected < *
Red Hat RHOSS-1.36-RHEL-8 affected
Version Status Constraints
1.36.0-9 unaffected < *
Red Hat RHOSS-1.36-RHEL-8 affected
Version Status Constraints
1.36.0-12 unaffected < *
Red Hat RHOSS-1.36-RHEL-8 affected
Version Status Constraints
1.36.0-18 unaffected < *
Red Hat RHOSS-1.36-RHEL-8 affected
Version Status Constraints
1.36.0-11 unaffected < *
Red Hat RHOSS-1.36-RHEL-8 affected
Version Status Constraints
1.36.0-7 unaffected < *
Red Hat cert-manager operator for Red Hat OpenShift 1.16 affected
Version Status Constraints
sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b unaffected < *
Red Hat Compliance Operator 1 affected
Version Status Constraints
sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9 unaffected < *
Red Hat Compliance Operator 1 affected
Version Status Constraints
sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41 unaffected < *
Red Hat Compliance Operator 1 affected
Version Status Constraints
sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83 unaffected < *
Red Hat File Integrity Operator 1 affected
Version Status Constraints
sha256:364d11af112a5b1d3f28c9ea8b7aac678e111b9c7fca0516d61036904f318605 unaffected < *
Red Hat Red Hat Discovery 2 affected
Version Status Constraints
sha256:c85cfbcaf7888885e57596b7b8bde3894718cfc33326499b24961a66a62cf083 unaffected < *
Red Hat Red Hat Insights proxy 1.5 affected
Version Status Constraints
sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652 unaffected < *
Red Hat Red Hat OpenShift distributed tracing 3.5.1 affected
Version Status Constraints
sha256:73ddf7caa420d1cb2027068dabcc7bbf07fdd160135ab12ad0656cec5dbef185 unaffected < *
Red Hat Red Hat OpenShift distributed tracing 3.5.1 affected
Version Status Constraints
sha256:540ed092ec7c7e8e07927636ccdb04a662a7108c295f793028494c9184bdf85b unaffected < *
Red Hat Red Hat OpenShift distributed tracing 3.5.1 affected
Version Status Constraints
sha256:86d400b195958c287846ae60d76d2ec277740da3d3de033c7e72ab9a42370b4b unaffected < *
Red Hat Red Hat OpenShift distributed tracing 3.5.1 affected
Version Status Constraints
sha256:e17c9de114b6b89e9c66642ab5f95b62321d367b6d22be1464cf89dbc3ead673 unaffected < *
Red Hat Red Hat OpenShift distributed tracing 3.5.1 affected
Version Status Constraints
sha256:da510d9c86c877d8f4cdcddfa337b16858dd4e490cc3e85124b2076408499826 unaffected < *
Red Hat Red Hat OpenShift distributed tracing 3.5.1 affected
Version Status Constraints
sha256:69c5921a94e0ac1f254ac8bc1fbd400fc4322b0537320dcd205d9ad854b277f3 unaffected < *
Red Hat Red Hat OpenShift distributed tracing 3.5.1 affected
Version Status Constraints
sha256:f250e39033d7cb1d786e5a7ec6798c25d4c5d8c6ecbcf6828915605fc4658da5 unaffected < *
Red Hat Red Hat OpenShift distributed tracing 3.5.1 affected
Version Status Constraints
sha256:9407bf93b2128d5da4a14b2ba8dd48a27b688fbb962b9383e7cb260ab43b6f24 unaffected < *
Red Hat Red Hat OpenShift distributed tracing 3.5.1 affected
Version Status Constraints
sha256:c1e80172a78d227fb1076cbf608e42b2c551cc09233abd9a6ada74af06758447 unaffected < *
Red Hat Red Hat OpenShift sandboxed containers 1.1 affected
Version Status Constraints
sha256:7b6bd3411ca5ec140968975d4f11f3ec0686b6fbca0ce05288e041ee2e569a89 unaffected < *
Red Hat Red Hat OpenShift sandboxed containers 1.1 affected
Version Status Constraints
sha256:99cc26f9e0e5b0f29cb7f34fe3aa5c974e935fdf21e0f3ad02f1af571113a32c unaffected < *
Red Hat Red Hat OpenShift sandboxed containers 1.1 affected
Version Status Constraints
sha256:9ff002e628e5646b5ab3cc9201087847bea29569b4a1bc135b89d5c1a5f0a422 unaffected < *
Red Hat Red Hat OpenShift sandboxed containers 1.1 affected
Version Status Constraints
sha256:6b2da66d287083cf823f6efd8d61ba6a1be10eb6ba8cda484dea4e2ab67ae108 unaffected < *
Red Hat Red Hat OpenShift sandboxed containers 1.1 affected
Version Status Constraints
sha256:cead623ceda4048cabaa81c371ed2a8143f5c5514276fca1d71685bd9e6d1e65 unaffected < *
Red Hat Red Hat OpenShift sandboxed containers 1.1 affected
Version Status Constraints
sha256:59fb1f7f1653361d94f7d48b42d8fe19ed3263c1c78654837c11f2135544c1ac unaffected < *
Red Hat Red Hat OpenShift sandboxed containers 1.1 affected
Version Status Constraints
sha256:869dabef4a7bf424fb000f5d5f772f02b1c4653fe08fff96ec67e0adf2b2c27d unaffected < *
Red Hat Red Hat Enterprise Linux 6 unknown —

Configuration 1 [-]

cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*

No data.

No data.

Project Subscriptions

Vendors Products
Libarchive Subscribe
Libarchive Subscribe
Redhat Subscribe
Cert Manager Subscribe
Confidential Compute Attestation Subscribe
Discovery Subscribe
Enterprise Linux Subscribe
Insights Proxy Subscribe
Openshift Subscribe
Openshift Compliance Operator Subscribe
Openshift Container Platform Subscribe
Openshift Distributed Tracing Subscribe
Openshift File Integrity Operator Subscribe
Openshift Serverless Subscribe
Rhel Aus Subscribe
Rhel E4s Subscribe
Rhel Els Subscribe
Rhel Eus Subscribe
Rhel Eus Long Life Subscribe
Rhel Tus Subscribe
Webterminal Subscribe
Advisories
Source ID Title
Debian DLA Debian DLA DLA-4368-1 libarchive security update
EUVD EUVD EUVD-2025-17572 A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.
Ubuntu USN Ubuntu USN USN-7601-1 libarchive vulnerabilities
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://access.redhat.com/errata/RHSA-2025:14130 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:14135 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:14137 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:14141 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:14142 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:14525 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:14528 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:14594 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:14644 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:14808 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:14810 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:14828 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:15024 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:15397 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:15709 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:15827 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:15828 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:16524 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:18217 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:18218 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:18219 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:19041 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:19046 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:21885 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:21913 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:0326 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:0934 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:1541 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2025-5914 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2370861 cve-icon cve-icon
https://github.com/libarchive/libarchive/pull/2598 cve-icon cve-icon cve-icon cve-icon
https://github.com/libarchive/libarchive/releases/tag/v3.8.0 cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-5914 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-5914 cve-icon
History

Thu, 05 Feb 2026 19:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.15::el9
References

Thu, 22 Jan 2026 04:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openshift Serverless
CPEs cpe:/a:redhat:openshift_serverless:1.36::el8
Vendors & Products Redhat openshift Serverless
References

Thu, 15 Jan 2026 19:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.16::el9
References

Wed, 07 Jan 2026 16:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

Sat, 22 Nov 2025 03:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openshift File Integrity Operator
CPEs cpe:/a:redhat:openshift_file_integrity_operator:1::el9
Vendors & Products Redhat openshift File Integrity Operator
References

Thu, 20 Nov 2025 21:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openshift Compliance Operator
CPEs cpe:/a:redhat:openshift_compliance_operator:1::el9
Vendors & Products Redhat openshift Compliance Operator
References

Thu, 30 Oct 2025 06:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.14::el9
References

Wed, 29 Oct 2025 12:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.18::el9
References

Wed, 22 Oct 2025 06:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.19::el9
References

Wed, 22 Oct 2025 05:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.17::el9
References

Tue, 21 Oct 2025 20:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4 cpe:/a:redhat:openshift:4.20::el9
References

Thu, 16 Oct 2025 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat cert Manager
CPEs cpe:/a:redhat:cert_manager:1.16::el9
Vendors & Products Redhat cert Manager
References

Wed, 08 Oct 2025 14:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:rhivos:1
Vendors & Products Redhat rhivos

Fri, 03 Oct 2025 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhivos
CPEs cpe:/o:redhat:rhivos:1
Vendors & Products Redhat rhivos

Tue, 23 Sep 2025 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat discovery
CPEs cpe:/a:redhat:discovery:2::el9
Vendors & Products Redhat discovery
References

Mon, 15 Sep 2025 18:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:webterminal:1.12::el9
References

Mon, 15 Sep 2025 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat webterminal
CPEs cpe:/a:redhat:webterminal:1.11::el9
Vendors & Products Redhat webterminal
References

Thu, 11 Sep 2025 15:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat confidential Compute Attestation
CPEs cpe:/a:redhat:confidential_compute_attestation:1.10::el9
Vendors & Products Redhat confidential Compute Attestation
References

Tue, 02 Sep 2025 03:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_e4s:9.2::appstream
cpe:/o:redhat:rhel_e4s:9.2::baseos
References

Thu, 28 Aug 2025 09:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Eus Long Life
CPEs cpe:/o:redhat:rhel_aus:8.4::baseos
cpe:/o:redhat:rhel_aus:8.6::baseos
cpe:/o:redhat:rhel_e4s:8.6::baseos
cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
cpe:/o:redhat:rhel_tus:8.6::baseos
Vendors & Products Redhat rhel Eus Long Life
References

Thu, 28 Aug 2025 07:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Els
CPEs cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:rhel_els:7
Vendors & Products Redhat rhel Els
References

Wed, 27 Aug 2025 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat insights Proxy
CPEs cpe:/a:redhat:insights_proxy:1.5::el9
Vendors & Products Redhat insights Proxy
References

Tue, 26 Aug 2025 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openshift Distributed Tracing
CPEs cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
Vendors & Products Redhat openshift Distributed Tracing
References

Mon, 25 Aug 2025 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Aus
Redhat rhel Tus
CPEs cpe:/o:redhat:rhel_aus:8.2::baseos
cpe:/o:redhat:rhel_e4s:8.8::baseos
cpe:/o:redhat:rhel_tus:8.8::baseos
Vendors & Products Redhat rhel Aus
Redhat rhel Tus
References

Wed, 20 Aug 2025 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Eus
CPEs cpe:/a:redhat:rhel_eus:9.4::appstream
cpe:/a:redhat:rhel_eus:9.4::crb
cpe:/o:redhat:rhel_eus:9.4::baseos
Vendors & Products Redhat rhel Eus
References

Wed, 20 Aug 2025 09:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel E4s
CPEs cpe:/a:redhat:rhel_e4s:9.0::appstream
cpe:/o:redhat:rhel_e4s:9.0::baseos
Vendors & Products Redhat rhel E4s
References

Wed, 20 Aug 2025 09:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9		 cpe:/a:redhat:enterprise_linux:8::crb
cpe:/a:redhat:enterprise_linux:9::appstream
cpe:/o:redhat:enterprise_linux:8::baseos
cpe:/o:redhat:enterprise_linux:9::baseos
References

Wed, 20 Aug 2025 08:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:10.0
References

Tue, 12 Aug 2025 10:45:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 3.9, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L'}

 cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'}

Fri, 11 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00034}

 epss

{'score': 0.00039}

Fri, 20 Jun 2025 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Libarchive
Libarchive libarchive
Redhat openshift Container Platform
CPEs cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Vendors & Products Libarchive
Libarchive libarchive
Redhat openshift Container Platform

Tue, 10 Jun 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 10 Jun 2025 02:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-190
References
Metrics threat_severity

None

 threat_severity

Low

Mon, 09 Jun 2025 20:00:00 +0000

Type Values Removed Values Added
Description A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.
Title Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c
First Time appeared Redhat
Redhat enterprise Linux
Redhat openshift
Weaknesses CWE-415
CPEs cpe:/a:redhat:openshift:4
cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
Redhat openshift
References
Metrics cvssV3_1

{'score': 3.9, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L'}

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-02-05T19:19:48.624Z

Reserved: 2025-06-09T08:10:18.779Z

Link: CVE-2025-5914

cve-icon Vulnrichment

Updated: 2025-06-10T14:23:42.747Z

cve-icon NVD

Status : Modified

Published: 2025-06-09T20:15:26.123

Modified: 2026-02-05T20:15:52.523

Link: CVE-2025-5914

cve-icon Redhat

Severity : Low

Publid Date: 2025-05-20T00:00:00Z

Links: CVE-2025-5914 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses