VDB

CISA-2025-5914

CISA-2025-5914 PUBLISHED CVSS 7.8 HIGH

Reported by redhat · Published June 9, 2025

A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.

Risk Scores

CVSS 3.1
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
0
Red HatRed Hat Enterprise Linux 100:3.7.7-4.el10_0
Red HatRed Hat Enterprise Linux 7 Extended Lifecycle Support0:3.1.2-14.el7_9.1
Red HatRed Hat Enterprise Linux 80:3.3.3-6.el8_10
Red HatRed Hat Enterprise Linux 8.2 Advanced Update Support0:3.3.2-8.el8_2.1
Red HatRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support0:3.3.3-1.el8_4.1
Red HatRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On0:3.3.3-1.el8_4.1
Red HatRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support0:3.3.3-6.el8_6
Red HatRed Hat Enterprise Linux 8.6 Telecommunications Update Service0:3.3.3-6.el8_6
Red HatRed Hat Enterprise Linux 8.6 Update Services for SAP Solutions0:3.3.3-6.el8_6
Red HatRed Hat Enterprise Linux 8.8 Telecommunications Update Service0:3.3.3-5.el8_8.1
Red HatRed Hat Enterprise Linux 8.8 Update Services for SAP Solutions0:3.3.3-5.el8_8.1
Red HatRed Hat Enterprise Linux 90:3.5.3-6.el9_6
Red HatRed Hat Enterprise Linux 90:3.5.3-6.el9_6
Red HatRed Hat Enterprise Linux 9.0 Update Services for SAP Solutions0:3.5.3-2.el9_0.1
Red HatRed Hat Enterprise Linux 9.2 Update Services for SAP Solutions0:3.5.3-5.el9_2
Red HatRed Hat Enterprise Linux 9.4 Extended Update Support0:3.5.3-4.el9_4.1
Red HatRed Hat OpenShift Container Platform 4.14414.92.202510211419-0
Red HatRed Hat OpenShift Container Platform 4.15415.92.202601271320-0
Red HatRed Hat OpenShift Container Platform 4.16416.94.202601071926-0

…and 103 more

Timeline

  • Jun 9, 2025 CVE Published
  • Feb 5, 2026 CVE Updated
  • Apr 26, 2026 Distribution Patch
  • Apr 26, 2026 Distribution Patch
  • Apr 26, 2026 Distribution Patch
  • Apr 26, 2026 Distribution Patch
  • Apr 26, 2026 Distribution Patch
  • Apr 26, 2026 Distribution Patch
  • Apr 26, 2026 Distribution Patch
  • Apr 26, 2026 Distribution Patch
  • Apr 26, 2026 Distribution Patch
  • Apr 26, 2026 Distribution Patch

References

…and 12 more

Open in Interactive Console →
$ Console Community · 100/wk Open console ›