PT-2025-24554 · Unknown+6 · Libarchive+6
Carnil · Published 2025-05-11 · Updated 2025-09-29
CVE-2025-5915
CVSS v3.1
6.6
Medium
| Vector | AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
libarchive (affected versions not specified)
Description
A flaw in the libarchive library can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This can cause the library to attempt to read beyond the allocated memory buffer, resulting in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
DoS
Heap Based Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Debian
Linuxmint
Red Os
Suse
Ubuntu
Libarchive