← volver
CVE-2025-5918

Libarchive: reading past eof may be triggered for piped file streams

CVSS 3.9 LOWEPSS 0.3%CWE-125
Vexday Risk Score
8Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 3.9EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
09 jun 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →