EUVD-2025-17574

| CVE-2025-5917 LOW
2025-06-09 [email protected]
2.8
CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

4
Analysis Generated
Mar 14, 2026 - 19:21 vuln.today
EUVD ID Assigned
Mar 14, 2026 - 19:21 euvd
EUVD-2025-17574
Patch Released
Mar 14, 2026 - 19:21 nvd
Patch available
CVE Published
Jun 09, 2025 - 20:15 nvd
LOW 2.8

Tags

Buffer Overflow Memory Corruption Ubuntu Debian

Description

A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.

Analysis

A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.

Technical Context

An out-of-bounds memory access occurs when code reads from or writes to memory locations outside the intended buffer boundaries. This vulnerability is classified as Out-of-bounds Write (CWE-787).

Affected Products

Affected products: Libarchive Libarchive, Redhat Openshift Container Platform 4.0, Redhat Enterprise Linux 6.0

Remediation

A vendor patch is available — apply it immediately. Implement proper bounds checking on all array and buffer accesses. Use memory-safe languages or static analysis tools to detect OOB issues.

Priority Score

14
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +14
POC: 0

Vendor Status

Ubuntu

Priority: Medium
libarchive
Release Status Version
trusty needs-triage -
xenial needs-triage -
bionic needs-triage -
focal needs-triage -
upstream needs-triage -
jammy released 3.6.0-1ubuntu1.5
noble released 3.7.2-2ubuntu0.5
oracular released 3.7.4-1ubuntu0.3
plucky released 3.7.7-0ubuntu2.3
questing released 3.7.7-0ubuntu3
USN-7601-1

Debian

Bug #1107626
libarchive
Release Status Fixed Version Urgency
bullseye fixed 3.4.3-2+deb11u3 -
bullseye (security) fixed 3.4.3-2+deb11u3 -
bookworm fixed 3.6.2-1+deb12u3 -
bookworm (security) vulnerable 3.6.2-1+deb12u2 -
trixie fixed 3.7.4-4 -
forky, sid fixed 3.8.5-1 -
(unstable) fixed 3.7.4-4 -
DLA-4368-1

Share

EUVD-2025-17574 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy