How to fix EUVD-2025-17573?

During next maintenance window: Apply vendor patches when convenient. Verify out-of-bounds read controls are in place.

Is Ubuntu affected by EUVD-2025-17573?

CVE-2025-5918 is a low-severity vulnerability in A vulnerability involving out-of-bounds read (CVSS 3.9). The limited severity suggests constrained impact, typically requiring specific conditions or local access for exploitation.

EUVD-2025-17573

| CVE-2025-5918 LOW

2025-06-09 [email protected]

3.9

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 14, 2026 - 19:21 vuln.today

EUVD ID Assigned

Mar 14, 2026 - 19:21 euvd

EUVD-2025-17573

Patch Released

Mar 14, 2026 - 19:21 nvd

Patch available

CVE Published

Jun 09, 2025 - 20:15 nvd

LOW 3.9

Description

A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.

Analysis

Technical Context

An out-of-bounds memory access occurs when code reads from or writes to memory locations outside the intended buffer boundaries. This vulnerability is classified as Out-of-bounds Read (CWE-125).

Affected Products

Affected products: Libarchive Libarchive, Redhat Openshift Container Platform 4.0, Redhat Enterprise Linux 6.0

Remediation

A vendor patch is available — apply it immediately. Implement proper bounds checking on all array and buffer accesses. Use memory-safe languages or static analysis tools to detect OOB issues.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +20

POC: 0

Vendor Status

Ubuntu

Priority: Low

libarchive

Release	Status	Version
trusty	needs-triage	-
xenial	needs-triage	-
bionic	needs-triage	-
focal	needs-triage	-
jammy	needs-triage	-
noble	needs-triage	-
upstream	released	3.8.0
oracular	ignored	end of life, was needs-triage
plucky	ignored	end of life, was needs-triage
questing	needs-triage	-

Debian

Bug #1107624

libarchive

Release	Status	Fixed Version	Urgency
bullseye	fixed	3.4.3-2+deb11u3	-
bullseye (security)	fixed	3.4.3-2+deb11u3	-
bookworm	vulnerable	3.6.2-1+deb12u3	-
bookworm (security)	vulnerable	3.6.2-1+deb12u2	-
trixie	vulnerable	3.7.4-4	-
forky, sid	fixed	3.8.5-1	-
(unstable)	fixed	3.8.4-1	-

DLA-4368-1

EUVD-2025-17573 vulnerability details – vuln.today

Back

EUVD-2025-17573

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

EUVD-2025-17573

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

External POC / Exploit Code