CVE-2025-5914 - Vulnerability Details

CVE-2025-5914 - Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c

A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Libarchive	Libarchive
Redhat	Cert Manager Confidential Compute Attestation Discovery Enterprise Linux Insights Proxy Openshift Openshift Container Platform Openshift Distributed Tracing Rhel Aus Rhel E4s Rhel Els Rhel Eus Rhel Eus Long Life Rhel Tus Webterminal

Configuration 1 [-]

cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:a:redhat:openshift_container_platform:4.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:10.0:::::::*

No data.

References

Link	Providers
https://access.redhat.com/errata/RHSA-2025:14130
https://access.redhat.com/errata/RHSA-2025:14135
https://access.redhat.com/errata/RHSA-2025:14137
https://access.redhat.com/errata/RHSA-2025:14141
https://access.redhat.com/errata/RHSA-2025:14142
https://access.redhat.com/errata/RHSA-2025:14525
https://access.redhat.com/errata/RHSA-2025:14528
https://access.redhat.com/errata/RHSA-2025:14594
https://access.redhat.com/errata/RHSA-2025:14644
https://access.redhat.com/errata/RHSA-2025:14808
https://access.redhat.com/errata/RHSA-2025:14810
https://access.redhat.com/errata/RHSA-2025:14828
https://access.redhat.com/errata/RHSA-2025:15024
https://access.redhat.com/errata/RHSA-2025:15397
https://access.redhat.com/errata/RHSA-2025:15709
https://access.redhat.com/errata/RHSA-2025:15827
https://access.redhat.com/errata/RHSA-2025:15828
https://access.redhat.com/errata/RHSA-2025:16524
https://access.redhat.com/errata/RHSA-2025:18217
https://access.redhat.com/errata/RHSA-2025:18218
https://access.redhat.com/errata/RHSA-2025:18219
https://access.redhat.com/security/cve/CVE-2025-5914
https://bugzilla.redhat.com/show_bug.cgi?id=2370861
https://github.com/libarchive/libarchive/pull/2598
https://github.com/libarchive/libarchive/releases/tag/v3.8.0
https://nvd.nist.gov/vuln/detail/CVE-2025-5914
https://www.cve.org/CVERecord?id=CVE-2025-5914

History

Wed, 22 Oct 2025 06:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift:4.19::el9
References		https://access.redhat.com/errata/RHSA-2025:18217

Wed, 22 Oct 2025 05:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift:4.17::el9
References		https://access.redhat.com/errata/RHSA-2025:18218

Tue, 21 Oct 2025 20:15:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/a:redhat:openshift:4~~	cpe:/a:redhat:openshift:4.20::el9
References		https://access.redhat.com/errata/RHSA-2025:15397

Thu, 16 Oct 2025 09:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat cert Manager
CPEs		cpe:/a:redhat:cert_manager:1.16::el9
Vendors & Products		Redhat cert Manager
References		https://access.redhat.com/errata/RHSA-2025:18219

Wed, 08 Oct 2025 14:15:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:rhivos:1~~
Vendors & Products	Redhat rhivos

Fri, 03 Oct 2025 21:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhivos
CPEs		cpe:/o:redhat:rhivos:1
Vendors & Products		Redhat rhivos

Tue, 23 Sep 2025 19:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat discovery
CPEs		cpe:/a:redhat:discovery:2::el9
Vendors & Products		Redhat discovery
References		https://access.redhat.com/errata/RHSA-2025:16524

Mon, 15 Sep 2025 18:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:webterminal:1.12::el9
References		https://access.redhat.com/errata/RHSA-2025:15827

Mon, 15 Sep 2025 15:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat webterminal
CPEs		cpe:/a:redhat:webterminal:1.11::el9
Vendors & Products		Redhat webterminal
References		https://access.redhat.com/errata/RHSA-2025:15828

Thu, 11 Sep 2025 15:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat confidential Compute Attestation
CPEs		cpe:/a:redhat:confidential_compute_attestation:1.10::el9
Vendors & Products		Redhat confidential Compute Attestation
References		https://access.redhat.com/errata/RHSA-2025:15709

Tue, 02 Sep 2025 03:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_e4s:9.2::appstream cpe:/o:redhat:rhel_e4s:9.2::baseos
References		https://access.redhat.com/errata/RHSA-2025:15024

Thu, 28 Aug 2025 09:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Eus Long Life
CPEs		cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/o:redhat:rhel_eus_long_life:8.4::baseos cpe:/o:redhat:rhel_tus:8.6::baseos
Vendors & Products		Redhat rhel Eus Long Life
References		https://access.redhat.com/errata/RHSA-2025:14808 https://access.redhat.com/errata/RHSA-2025:14810

Thu, 28 Aug 2025 07:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Els
CPEs	~~cpe:/o:redhat:enterprise_linux:7~~	cpe:/o:redhat:rhel_els:7
Vendors & Products		Redhat rhel Els
References		https://access.redhat.com/errata/RHSA-2025:14828

Wed, 27 Aug 2025 15:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat insights Proxy
CPEs		cpe:/a:redhat:insights_proxy:1.5::el9
Vendors & Products		Redhat insights Proxy
References		https://access.redhat.com/errata/RHSA-2025:14644

Tue, 26 Aug 2025 10:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat openshift Distributed Tracing
CPEs		cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
Vendors & Products		Redhat openshift Distributed Tracing
References		https://access.redhat.com/errata/RHSA-2025:14594

Mon, 25 Aug 2025 21:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Aus Redhat rhel Tus
CPEs		cpe:/o:redhat:rhel_aus:8.2::baseos cpe:/o:redhat:rhel_e4s:8.8::baseos cpe:/o:redhat:rhel_tus:8.8::baseos
Vendors & Products		Redhat rhel Aus Redhat rhel Tus
References		https://access.redhat.com/errata/RHSA-2025:14525 https://access.redhat.com/errata/RHSA-2025:14528

Wed, 20 Aug 2025 15:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Eus
CPEs		cpe:/a:redhat:rhel_eus:9.4::appstream cpe:/a:redhat:rhel_eus:9.4::crb cpe:/o:redhat:rhel_eus:9.4::baseos
Vendors & Products		Redhat rhel Eus
References		https://access.redhat.com/errata/RHSA-2025:14142

Wed, 20 Aug 2025 09:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel E4s
CPEs		cpe:/a:redhat:rhel_e4s:9.0::appstream cpe:/o:redhat:rhel_e4s:9.0::baseos
Vendors & Products		Redhat rhel E4s
References		https://access.redhat.com/errata/RHSA-2025:14141

Wed, 20 Aug 2025 09:15:00 +0000

Type	Values Removed	Values Added
CPEs	cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9	cpe:/a:redhat:enterprise_linux:8::crb cpe:/a:redhat:enterprise_linux:9::appstream cpe:/o:redhat:enterprise_linux:8::baseos cpe:/o:redhat:enterprise_linux:9::baseos
References		https://access.redhat.com/errata/RHSA-2025:14130 https://access.redhat.com/errata/RHSA-2025:14135

Wed, 20 Aug 2025 08:45:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:enterprise_linux:10~~	cpe:/o:redhat:enterprise_linux:10.0
References		https://access.redhat.com/errata/RHSA-2025:14137

Tue, 12 Aug 2025 10:45:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 3.9, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L'}`	cvssV3_1 `{'score': 7.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'}`

Fri, 11 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00034}`	epss `{'score': 0.00039}`

Fri, 20 Jun 2025 15:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Libarchive Libarchive libarchive Redhat openshift Container Platform
CPEs		cpe:2.3:a:libarchive:libarchive:::::::: cpe:2.3:a:redhat:openshift_container_platform:4.0:::::::* cpe:2.3:o:redhat:enterprise_linux:10.0:::::::* cpe:2.3:o:redhat:enterprise_linux:6.0:::::::* cpe:2.3:o:redhat:enterprise_linux:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux:8.0:::::::* cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*
Vendors & Products		Libarchive Libarchive libarchive Redhat openshift Container Platform

Tue, 10 Jun 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 10 Jun 2025 02:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-190
References		https://nvd.nist.gov/vuln/detail/CVE-2025-5914 https://www.cve.org/CVERecord?id=CVE-2025-5914
Metrics	threat_severity `None`	threat_severity `Low`

Mon, 09 Jun 2025 20:00:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.
Title		Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c
First Time appeared		Redhat Redhat enterprise Linux Redhat openshift
Weaknesses		CWE-415
CPEs		cpe:/a:redhat:openshift:4 cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:6 cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux Redhat openshift
References		https://access.redhat.com/security/cve/CVE-2025-5914 https://bugzilla.redhat.com/show_bug.cgi?id=2370861 https://github.com/libarchive/libarchive/pull/2598 https://github.com/libarchive/libarchive/releases/tag/v3.8.0
Metrics		cvssV3_1 `{'score': 3.9, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L'}`

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2025-06-09T19:53:48.923Z

Updated: 2025-10-22T06:21:40.290Z

Reserved: 2025-06-09T08:10:18.779Z

Link: CVE-2025-5914

Vulnrichment

Updated: 2025-06-10T14:23:42.747Z

NVD

Status : Modified

Published: 2025-06-09T20:15:26.123

Modified: 2025-10-22T07:15:34.520

Link: CVE-2025-5914

Redhat

Severity : Low

Publid Date: 2025-05-20T00:00:00Z

Links: CVE-2025-5914 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation poc

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object