Skip to main content

Red Hat Enterprise Linux 10 CVE-2026-5745

| EUVDEUVD-2026-19705 MEDIUM
NULL Pointer Dereference (CWE-476)
2026-04-07 redhat GHSA-fjqv-vj6q-4fcm
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Apr 07, 2026 - 15:30 euvd
EUVD-2026-19705
Analysis Generated
Apr 07, 2026 - 15:30 vuln.today
CVE Published
Apr 07, 2026 - 14:57 nvd
MEDIUM 5.5

DescriptionCVE.org

A flaw was found in libarchive. A NULL pointer dereference vulnerability exists in the ACL parsing logic, specifically within the archive_acl_from_text_nl() function. When processing a malformed ACL string (such as a bare "d" or "default" tag without subsequent fields), the function fails to perform adequate validation before advancing the pointer. An attacker can exploit this by providing a maliciously crafted archive, causing an application utilizing the libarchive API (such as bsdtar) to crash, resulting in a Denial of Service (DoS).

AnalysisAI

Libarchive's archive_acl_from_text_nl() function fails to validate malformed ACL strings before dereferencing pointers, allowing local attackers to crash applications that process untrusted archives via specially crafted ACL fields. This NULL pointer dereference results in denial of service with high availability impact. CVSS 5.5 reflects local attack vector and user interaction requirement; no public exploit code or active exploitation confirmed at analysis time.

Technical ContextAI

Libarchive is a widely-used C library for reading and writing archives (tar, zip, ISO, cpio, etc.). The vulnerability resides in ACL (Access Control List) parsing logic, specifically the archive_acl_from_text_nl() function which processes text-formatted ACL entries. The root cause (CWE-476: Null Pointer Dereference) occurs when the function advances internal pointers without validating that required subsequent fields exist after incomplete ACL tags like bare 'd' or 'default'. This allows a malicious archive containing a specially-crafted ACL string in its metadata to trigger an unhandled NULL pointer dereference. Any application linked against vulnerable libarchive versions-including bsdtar (BSD tar utility), file managers, backup tools, and container image handlers-inherits this flaw when processing archive headers.

RemediationAI

Apply the vendor-released security update for your Red Hat product: Red Hat Enterprise Linux users should apply the errata package containing the patched libarchive library from the Red Hat security advisories portal (https://access.redhat.com/security/cve/CVE-2026-5745). OpenShift Container Platform 4 users should update to the patched container base images. For systems where immediate patching is not feasible, limit processing of untrusted archives to sandboxed or isolated environments and avoid automated extraction of archives from untrusted sources. Verify that linked libarchive version is updated by checking library version strings post-patch (e.g., 'strings /usr/lib/libarchive.so | grep -i version'). No workarounds bypass the vulnerability; patching is the primary remediation.

CVE-2026-4631 CRITICAL POC
9.8 Apr 07

Remote code execution in Cockpit's web interface allows unauthenticated attackers to execute arbitrary commands on the h

CVE-2026-4480 CRITICAL POC
9.0 May 26

Remote code execution in Samba's printing subsystem allows remote attackers to inject arbitrary shell commands via craft

CVE-2026-14544 CRITICAL
9.8 Jul 03

Remote code execution and privilege escalation in HPLIP (HP Linux Imaging and Printing) affects the hpcups print filter

CVE-2026-28369 CRITICAL
9.1 Mar 27

HTTP request smuggling in Undertow (the embedded web server underpinning JBoss EAP, Red Hat Data Grid, and Apache Camel

CVE-2026-28368 CRITICAL
9.1 Mar 27

HTTP request smuggling in Red Hat Undertow allows remote unauthenticated attackers to bypass front-end security controls

CVE-2026-33845 CRITICAL
9.1 Apr 30

Out-of-bounds read in the GnuTLS DTLS handshake reassembly logic lets remote unauthenticated attackers trigger an intege

CVE-2026-28367 CRITICAL
9.1 Mar 27

HTTP request smuggling in Undertow allows remote unauthenticated attackers to send `\r\r\r` as a header block terminator

CVE-2026-11610 HIGH
8.8 Jul 07

Denial of service in Red Hat / 389 Directory Server (389-ds-base, versions since ~1.3.2/2013) allows an authenticated LD

CVE-2026-14474 HIGH
8.8 Jul 07

Local-to-domain-wide root privilege escalation in SSSD's LDAP sudo provider allows an authenticated LDAP directory user

CVE-2026-52720 HIGH
8.8 Jun 15

Heap buffer overflow in GStreamer's librfb (RFB/VNC client) allows a malicious VNC server to corrupt heap memory on a co

CVE-2026-5260 HIGH
8.2 May 26

Information disclosure and denial of service in GnuTLS (libgnutls) let a remote, unauthenticated attacker trigger a heap

CVE-2026-0966 HIGH
8.2 Mar 26

Remote denial-of-service in libssh 0.11.x and earlier allows unauthenticated attackers to crash SSH server daemon proces

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Micro 5.3 Fixed

Share

CVE-2026-5745 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy