Severity by source
AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
No privileges needed to process an archive; UI:R reflects required file-open interaction; C:H/I:H/A:H reflects the credible RCE claim from the vendor description, which the official low-impact metrics do not capture.
Primary rating from Vendor (redhat).
CVSS VectorVendor: redhat
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
Lifecycle Timeline
1DescriptionCVE.org
A flaw was found in libarchive. This vulnerability allows a remote attacker to trigger a heap overflow by providing a specially crafted tar archive. The issue occurs during the parsing of a PAX extended header containing a malformed SUN.holesdata sparse-file attribute. Successful exploitation could lead to a denial of service, making the system unavailable, or potentially allow for arbitrary code execution, giving the attacker control over the affected system.
AnalysisAI
Heap overflow in libarchive's PAX extended header parser allows exploitation via a maliciously crafted tar archive containing a malformed SUN.holesdata sparse-file attribute. Successful exploitation of the affected system could result in a denial of service condition or, in more serious cases, arbitrary code execution under the privileges of the process invoking libarchive. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that a victim process invokes libarchive to parse a tar archive containing a PAX extended header with a crafted SUN.holesdata sparse-file attribute. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The official CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L) and the resulting score of 3.9 suggest a low-severity, locally-exploitable issue with limited impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker hosts or delivers a specially crafted tar archive containing a PAX extended header with a malformed SUN.holesdata attribute value designed to overflow the heap buffer during parsing. A user or automated process (package manager, backup agent, file extraction pipeline) using a vulnerable libarchive build processes the archive, triggering the overflow. … |
| Remediation | The primary fix is applying the upstream patch available via GitHub pull request #3253 (https://github.com/libarchive/libarchive/pull/3253); a formal tagged release version was not independently confirmed from the available data, so downstream consumers should monitor the libarchive release page and their distribution's security advisories for a packaged update. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-122 – Heap-based Buffer Overflow
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42865
GHSA-p59g-85vj-3mvf