Vulnerability-Lookup

RHSA-2025:14828

Vulnerability from csaf_redhat - Published: 2025-08-28 06:39 - Updated: 2026-03-18 03:06

Summary

Red Hat Security Advisory: libarchive security update

Severity

Important

Notes

Topic: An update for libarchive is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. Security Fix(es): * libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c (CVE-2025-5914) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2025-5914

A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-190 - Integer Overflow or Wraparound

Vendor Fix For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 https://access.redhat.com/errata/RHSA-2025:14828

References

URL

Category

	https://access.redhat.com/errata/RHSA-2025:14828	self
	https://access.redhat.com/security/updates/classi…	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2370861	external
	https://security.access.redhat.com/data/csaf/v2/a…	self
	https://access.redhat.com/security/cve/CVE-2025-5914	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2370861	external
	https://www.cve.org/CVERecord?id=CVE-2025-5914	external
	https://nvd.nist.gov/vuln/detail/CVE-2025-5914	external
	https://github.com/libarchive/libarchive/pull/2598	external
	https://github.com/libarchive/libarchive/releases…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for libarchive is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers.\n\nSecurity Fix(es):\n\n* libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c (CVE-2025-5914)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:14828",
        "url": "https://access.redhat.com/errata/RHSA-2025:14828"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2370861",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370861"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_14828.json"
      }
    ],
    "title": "Red Hat Security Advisory: libarchive security update",
    "tracking": {
      "current_release_date": "2026-03-18T03:06:07+00:00",
      "generator": {
        "date": "2026-03-18T03:06:07+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.3"
        }
      },
      "id": "RHSA-2025:14828",
      "initial_release_date": "2025-08-28T06:39:16+00:00",
      "revision_history": [
        {
          "date": "2025-08-28T06:39:16+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-08-28T06:39:16+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-03-18T03:06:07+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server (v. 7 ELS)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server (v. 7 ELS)",
                  "product_id": "7Server-ELS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_els:7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
                  "product_id": "7Server-optional-ELS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_els:7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libarchive-0:3.1.2-14.el7_9.1.src",
                "product": {
                  "name": "libarchive-0:3.1.2-14.el7_9.1.src",
                  "product_id": "libarchive-0:3.1.2-14.el7_9.1.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libarchive@3.1.2-14.el7_9.1?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libarchive-0:3.1.2-14.el7_9.1.ppc",
                "product": {
                  "name": "libarchive-0:3.1.2-14.el7_9.1.ppc",
                  "product_id": "libarchive-0:3.1.2-14.el7_9.1.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libarchive@3.1.2-14.el7_9.1?arch=ppc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc",
                "product": {
                  "name": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc",
                  "product_id": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libarchive-debuginfo@3.1.2-14.el7_9.1?arch=ppc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libarchive-devel-0:3.1.2-14.el7_9.1.ppc",
                "product": {
                  "name": "libarchive-devel-0:3.1.2-14.el7_9.1.ppc",
                  "product_id": "libarchive-devel-0:3.1.2-14.el7_9.1.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libarchive-devel@3.1.2-14.el7_9.1?arch=ppc"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libarchive-0:3.1.2-14.el7_9.1.ppc64",
                "product": {
                  "name": "libarchive-0:3.1.2-14.el7_9.1.ppc64",
                  "product_id": "libarchive-0:3.1.2-14.el7_9.1.ppc64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libarchive@3.1.2-14.el7_9.1?arch=ppc64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64",
                "product": {
                  "name": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64",
                  "product_id": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libarchive-debuginfo@3.1.2-14.el7_9.1?arch=ppc64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "bsdcpio-0:3.1.2-14.el7_9.1.ppc64",
                "product": {
                  "name": "bsdcpio-0:3.1.2-14.el7_9.1.ppc64",
                  "product_id": "bsdcpio-0:3.1.2-14.el7_9.1.ppc64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/bsdcpio@3.1.2-14.el7_9.1?arch=ppc64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "bsdtar-0:3.1.2-14.el7_9.1.ppc64",
                "product": {
                  "name": "bsdtar-0:3.1.2-14.el7_9.1.ppc64",
                  "product_id": "bsdtar-0:3.1.2-14.el7_9.1.ppc64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/bsdtar@3.1.2-14.el7_9.1?arch=ppc64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libarchive-devel-0:3.1.2-14.el7_9.1.ppc64",
                "product": {
                  "name": "libarchive-devel-0:3.1.2-14.el7_9.1.ppc64",
                  "product_id": "libarchive-devel-0:3.1.2-14.el7_9.1.ppc64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libarchive-devel@3.1.2-14.el7_9.1?arch=ppc64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libarchive-0:3.1.2-14.el7_9.1.s390",
                "product": {
                  "name": "libarchive-0:3.1.2-14.el7_9.1.s390",
                  "product_id": "libarchive-0:3.1.2-14.el7_9.1.s390",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libarchive@3.1.2-14.el7_9.1?arch=s390"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390",
                "product": {
                  "name": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390",
                  "product_id": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libarchive-debuginfo@3.1.2-14.el7_9.1?arch=s390"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libarchive-devel-0:3.1.2-14.el7_9.1.s390",
                "product": {
                  "name": "libarchive-devel-0:3.1.2-14.el7_9.1.s390",
                  "product_id": "libarchive-devel-0:3.1.2-14.el7_9.1.s390",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libarchive-devel@3.1.2-14.el7_9.1?arch=s390"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libarchive-0:3.1.2-14.el7_9.1.s390x",
                "product": {
                  "name": "libarchive-0:3.1.2-14.el7_9.1.s390x",
                  "product_id": "libarchive-0:3.1.2-14.el7_9.1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libarchive@3.1.2-14.el7_9.1?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390x",
                "product": {
                  "name": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390x",
                  "product_id": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libarchive-debuginfo@3.1.2-14.el7_9.1?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "bsdcpio-0:3.1.2-14.el7_9.1.s390x",
                "product": {
                  "name": "bsdcpio-0:3.1.2-14.el7_9.1.s390x",
                  "product_id": "bsdcpio-0:3.1.2-14.el7_9.1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/bsdcpio@3.1.2-14.el7_9.1?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "bsdtar-0:3.1.2-14.el7_9.1.s390x",
                "product": {
                  "name": "bsdtar-0:3.1.2-14.el7_9.1.s390x",
                  "product_id": "bsdtar-0:3.1.2-14.el7_9.1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/bsdtar@3.1.2-14.el7_9.1?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libarchive-devel-0:3.1.2-14.el7_9.1.s390x",
                "product": {
                  "name": "libarchive-devel-0:3.1.2-14.el7_9.1.s390x",
                  "product_id": "libarchive-devel-0:3.1.2-14.el7_9.1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libarchive-devel@3.1.2-14.el7_9.1?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libarchive-0:3.1.2-14.el7_9.1.x86_64",
                "product": {
                  "name": "libarchive-0:3.1.2-14.el7_9.1.x86_64",
                  "product_id": "libarchive-0:3.1.2-14.el7_9.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libarchive@3.1.2-14.el7_9.1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.x86_64",
                "product": {
                  "name": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.x86_64",
                  "product_id": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libarchive-debuginfo@3.1.2-14.el7_9.1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "bsdcpio-0:3.1.2-14.el7_9.1.x86_64",
                "product": {
                  "name": "bsdcpio-0:3.1.2-14.el7_9.1.x86_64",
                  "product_id": "bsdcpio-0:3.1.2-14.el7_9.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/bsdcpio@3.1.2-14.el7_9.1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "bsdtar-0:3.1.2-14.el7_9.1.x86_64",
                "product": {
                  "name": "bsdtar-0:3.1.2-14.el7_9.1.x86_64",
                  "product_id": "bsdtar-0:3.1.2-14.el7_9.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/bsdtar@3.1.2-14.el7_9.1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libarchive-devel-0:3.1.2-14.el7_9.1.x86_64",
                "product": {
                  "name": "libarchive-devel-0:3.1.2-14.el7_9.1.x86_64",
                  "product_id": "libarchive-devel-0:3.1.2-14.el7_9.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libarchive-devel@3.1.2-14.el7_9.1?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libarchive-0:3.1.2-14.el7_9.1.i686",
                "product": {
                  "name": "libarchive-0:3.1.2-14.el7_9.1.i686",
                  "product_id": "libarchive-0:3.1.2-14.el7_9.1.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libarchive@3.1.2-14.el7_9.1?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.i686",
                "product": {
                  "name": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.i686",
                  "product_id": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libarchive-debuginfo@3.1.2-14.el7_9.1?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libarchive-devel-0:3.1.2-14.el7_9.1.i686",
                "product": {
                  "name": "libarchive-devel-0:3.1.2-14.el7_9.1.i686",
                  "product_id": "libarchive-devel-0:3.1.2-14.el7_9.1.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libarchive-devel@3.1.2-14.el7_9.1?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libarchive-0:3.1.2-14.el7_9.1.ppc64le",
                "product": {
                  "name": "libarchive-0:3.1.2-14.el7_9.1.ppc64le",
                  "product_id": "libarchive-0:3.1.2-14.el7_9.1.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libarchive@3.1.2-14.el7_9.1?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64le",
                "product": {
                  "name": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64le",
                  "product_id": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libarchive-debuginfo@3.1.2-14.el7_9.1?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "bsdcpio-0:3.1.2-14.el7_9.1.ppc64le",
                "product": {
                  "name": "bsdcpio-0:3.1.2-14.el7_9.1.ppc64le",
                  "product_id": "bsdcpio-0:3.1.2-14.el7_9.1.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/bsdcpio@3.1.2-14.el7_9.1?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "bsdtar-0:3.1.2-14.el7_9.1.ppc64le",
                "product": {
                  "name": "bsdtar-0:3.1.2-14.el7_9.1.ppc64le",
                  "product_id": "bsdtar-0:3.1.2-14.el7_9.1.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/bsdtar@3.1.2-14.el7_9.1?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libarchive-devel-0:3.1.2-14.el7_9.1.ppc64le",
                "product": {
                  "name": "libarchive-devel-0:3.1.2-14.el7_9.1.ppc64le",
                  "product_id": "libarchive-devel-0:3.1.2-14.el7_9.1.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libarchive-devel@3.1.2-14.el7_9.1?arch=ppc64le"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bsdcpio-0:3.1.2-14.el7_9.1.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
          "product_id": "7Server-ELS:bsdcpio-0:3.1.2-14.el7_9.1.ppc64"
        },
        "product_reference": "bsdcpio-0:3.1.2-14.el7_9.1.ppc64",
        "relates_to_product_reference": "7Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bsdcpio-0:3.1.2-14.el7_9.1.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
          "product_id": "7Server-ELS:bsdcpio-0:3.1.2-14.el7_9.1.ppc64le"
        },
        "product_reference": "bsdcpio-0:3.1.2-14.el7_9.1.ppc64le",
        "relates_to_product_reference": "7Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bsdcpio-0:3.1.2-14.el7_9.1.s390x as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
          "product_id": "7Server-ELS:bsdcpio-0:3.1.2-14.el7_9.1.s390x"
        },
        "product_reference": "bsdcpio-0:3.1.2-14.el7_9.1.s390x",
        "relates_to_product_reference": "7Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bsdcpio-0:3.1.2-14.el7_9.1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
          "product_id": "7Server-ELS:bsdcpio-0:3.1.2-14.el7_9.1.x86_64"
        },
        "product_reference": "bsdcpio-0:3.1.2-14.el7_9.1.x86_64",
        "relates_to_product_reference": "7Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bsdtar-0:3.1.2-14.el7_9.1.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
          "product_id": "7Server-ELS:bsdtar-0:3.1.2-14.el7_9.1.ppc64"
        },
        "product_reference": "bsdtar-0:3.1.2-14.el7_9.1.ppc64",
        "relates_to_product_reference": "7Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bsdtar-0:3.1.2-14.el7_9.1.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
          "product_id": "7Server-ELS:bsdtar-0:3.1.2-14.el7_9.1.ppc64le"
        },
        "product_reference": "bsdtar-0:3.1.2-14.el7_9.1.ppc64le",
        "relates_to_product_reference": "7Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bsdtar-0:3.1.2-14.el7_9.1.s390x as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
          "product_id": "7Server-ELS:bsdtar-0:3.1.2-14.el7_9.1.s390x"
        },
        "product_reference": "bsdtar-0:3.1.2-14.el7_9.1.s390x",
        "relates_to_product_reference": "7Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bsdtar-0:3.1.2-14.el7_9.1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
          "product_id": "7Server-ELS:bsdtar-0:3.1.2-14.el7_9.1.x86_64"
        },
        "product_reference": "bsdtar-0:3.1.2-14.el7_9.1.x86_64",
        "relates_to_product_reference": "7Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-0:3.1.2-14.el7_9.1.i686 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
          "product_id": "7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.i686"
        },
        "product_reference": "libarchive-0:3.1.2-14.el7_9.1.i686",
        "relates_to_product_reference": "7Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-0:3.1.2-14.el7_9.1.ppc as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
          "product_id": "7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.ppc"
        },
        "product_reference": "libarchive-0:3.1.2-14.el7_9.1.ppc",
        "relates_to_product_reference": "7Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-0:3.1.2-14.el7_9.1.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
          "product_id": "7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.ppc64"
        },
        "product_reference": "libarchive-0:3.1.2-14.el7_9.1.ppc64",
        "relates_to_product_reference": "7Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-0:3.1.2-14.el7_9.1.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
          "product_id": "7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.ppc64le"
        },
        "product_reference": "libarchive-0:3.1.2-14.el7_9.1.ppc64le",
        "relates_to_product_reference": "7Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-0:3.1.2-14.el7_9.1.s390 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
          "product_id": "7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.s390"
        },
        "product_reference": "libarchive-0:3.1.2-14.el7_9.1.s390",
        "relates_to_product_reference": "7Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-0:3.1.2-14.el7_9.1.s390x as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
          "product_id": "7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.s390x"
        },
        "product_reference": "libarchive-0:3.1.2-14.el7_9.1.s390x",
        "relates_to_product_reference": "7Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-0:3.1.2-14.el7_9.1.src as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
          "product_id": "7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.src"
        },
        "product_reference": "libarchive-0:3.1.2-14.el7_9.1.src",
        "relates_to_product_reference": "7Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-0:3.1.2-14.el7_9.1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
          "product_id": "7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.x86_64"
        },
        "product_reference": "libarchive-0:3.1.2-14.el7_9.1.x86_64",
        "relates_to_product_reference": "7Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.i686 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
          "product_id": "7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.i686"
        },
        "product_reference": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.i686",
        "relates_to_product_reference": "7Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
          "product_id": "7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc"
        },
        "product_reference": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc",
        "relates_to_product_reference": "7Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
          "product_id": "7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64"
        },
        "product_reference": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64",
        "relates_to_product_reference": "7Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
          "product_id": "7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64le"
        },
        "product_reference": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64le",
        "relates_to_product_reference": "7Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
          "product_id": "7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390"
        },
        "product_reference": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390",
        "relates_to_product_reference": "7Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390x as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
          "product_id": "7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390x"
        },
        "product_reference": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390x",
        "relates_to_product_reference": "7Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
          "product_id": "7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.x86_64"
        },
        "product_reference": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.x86_64",
        "relates_to_product_reference": "7Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-devel-0:3.1.2-14.el7_9.1.i686 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
          "product_id": "7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.i686"
        },
        "product_reference": "libarchive-devel-0:3.1.2-14.el7_9.1.i686",
        "relates_to_product_reference": "7Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-devel-0:3.1.2-14.el7_9.1.ppc as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
          "product_id": "7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.ppc"
        },
        "product_reference": "libarchive-devel-0:3.1.2-14.el7_9.1.ppc",
        "relates_to_product_reference": "7Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-devel-0:3.1.2-14.el7_9.1.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
          "product_id": "7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.ppc64"
        },
        "product_reference": "libarchive-devel-0:3.1.2-14.el7_9.1.ppc64",
        "relates_to_product_reference": "7Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-devel-0:3.1.2-14.el7_9.1.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
          "product_id": "7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.ppc64le"
        },
        "product_reference": "libarchive-devel-0:3.1.2-14.el7_9.1.ppc64le",
        "relates_to_product_reference": "7Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-devel-0:3.1.2-14.el7_9.1.s390 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
          "product_id": "7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.s390"
        },
        "product_reference": "libarchive-devel-0:3.1.2-14.el7_9.1.s390",
        "relates_to_product_reference": "7Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-devel-0:3.1.2-14.el7_9.1.s390x as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
          "product_id": "7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.s390x"
        },
        "product_reference": "libarchive-devel-0:3.1.2-14.el7_9.1.s390x",
        "relates_to_product_reference": "7Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-devel-0:3.1.2-14.el7_9.1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
          "product_id": "7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.x86_64"
        },
        "product_reference": "libarchive-devel-0:3.1.2-14.el7_9.1.x86_64",
        "relates_to_product_reference": "7Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bsdcpio-0:3.1.2-14.el7_9.1.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
          "product_id": "7Server-optional-ELS:bsdcpio-0:3.1.2-14.el7_9.1.ppc64"
        },
        "product_reference": "bsdcpio-0:3.1.2-14.el7_9.1.ppc64",
        "relates_to_product_reference": "7Server-optional-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bsdcpio-0:3.1.2-14.el7_9.1.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
          "product_id": "7Server-optional-ELS:bsdcpio-0:3.1.2-14.el7_9.1.ppc64le"
        },
        "product_reference": "bsdcpio-0:3.1.2-14.el7_9.1.ppc64le",
        "relates_to_product_reference": "7Server-optional-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bsdcpio-0:3.1.2-14.el7_9.1.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
          "product_id": "7Server-optional-ELS:bsdcpio-0:3.1.2-14.el7_9.1.s390x"
        },
        "product_reference": "bsdcpio-0:3.1.2-14.el7_9.1.s390x",
        "relates_to_product_reference": "7Server-optional-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bsdcpio-0:3.1.2-14.el7_9.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
          "product_id": "7Server-optional-ELS:bsdcpio-0:3.1.2-14.el7_9.1.x86_64"
        },
        "product_reference": "bsdcpio-0:3.1.2-14.el7_9.1.x86_64",
        "relates_to_product_reference": "7Server-optional-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bsdtar-0:3.1.2-14.el7_9.1.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
          "product_id": "7Server-optional-ELS:bsdtar-0:3.1.2-14.el7_9.1.ppc64"
        },
        "product_reference": "bsdtar-0:3.1.2-14.el7_9.1.ppc64",
        "relates_to_product_reference": "7Server-optional-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bsdtar-0:3.1.2-14.el7_9.1.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
          "product_id": "7Server-optional-ELS:bsdtar-0:3.1.2-14.el7_9.1.ppc64le"
        },
        "product_reference": "bsdtar-0:3.1.2-14.el7_9.1.ppc64le",
        "relates_to_product_reference": "7Server-optional-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bsdtar-0:3.1.2-14.el7_9.1.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
          "product_id": "7Server-optional-ELS:bsdtar-0:3.1.2-14.el7_9.1.s390x"
        },
        "product_reference": "bsdtar-0:3.1.2-14.el7_9.1.s390x",
        "relates_to_product_reference": "7Server-optional-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bsdtar-0:3.1.2-14.el7_9.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
          "product_id": "7Server-optional-ELS:bsdtar-0:3.1.2-14.el7_9.1.x86_64"
        },
        "product_reference": "bsdtar-0:3.1.2-14.el7_9.1.x86_64",
        "relates_to_product_reference": "7Server-optional-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-0:3.1.2-14.el7_9.1.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
          "product_id": "7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.i686"
        },
        "product_reference": "libarchive-0:3.1.2-14.el7_9.1.i686",
        "relates_to_product_reference": "7Server-optional-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-0:3.1.2-14.el7_9.1.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
          "product_id": "7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.ppc"
        },
        "product_reference": "libarchive-0:3.1.2-14.el7_9.1.ppc",
        "relates_to_product_reference": "7Server-optional-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-0:3.1.2-14.el7_9.1.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
          "product_id": "7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.ppc64"
        },
        "product_reference": "libarchive-0:3.1.2-14.el7_9.1.ppc64",
        "relates_to_product_reference": "7Server-optional-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-0:3.1.2-14.el7_9.1.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
          "product_id": "7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.ppc64le"
        },
        "product_reference": "libarchive-0:3.1.2-14.el7_9.1.ppc64le",
        "relates_to_product_reference": "7Server-optional-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-0:3.1.2-14.el7_9.1.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
          "product_id": "7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.s390"
        },
        "product_reference": "libarchive-0:3.1.2-14.el7_9.1.s390",
        "relates_to_product_reference": "7Server-optional-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-0:3.1.2-14.el7_9.1.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
          "product_id": "7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.s390x"
        },
        "product_reference": "libarchive-0:3.1.2-14.el7_9.1.s390x",
        "relates_to_product_reference": "7Server-optional-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-0:3.1.2-14.el7_9.1.src as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
          "product_id": "7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.src"
        },
        "product_reference": "libarchive-0:3.1.2-14.el7_9.1.src",
        "relates_to_product_reference": "7Server-optional-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-0:3.1.2-14.el7_9.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
          "product_id": "7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.x86_64"
        },
        "product_reference": "libarchive-0:3.1.2-14.el7_9.1.x86_64",
        "relates_to_product_reference": "7Server-optional-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
          "product_id": "7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.i686"
        },
        "product_reference": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.i686",
        "relates_to_product_reference": "7Server-optional-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
          "product_id": "7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc"
        },
        "product_reference": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc",
        "relates_to_product_reference": "7Server-optional-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
          "product_id": "7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64"
        },
        "product_reference": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64",
        "relates_to_product_reference": "7Server-optional-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
          "product_id": "7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64le"
        },
        "product_reference": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64le",
        "relates_to_product_reference": "7Server-optional-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
          "product_id": "7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390"
        },
        "product_reference": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390",
        "relates_to_product_reference": "7Server-optional-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
          "product_id": "7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390x"
        },
        "product_reference": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390x",
        "relates_to_product_reference": "7Server-optional-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
          "product_id": "7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.x86_64"
        },
        "product_reference": "libarchive-debuginfo-0:3.1.2-14.el7_9.1.x86_64",
        "relates_to_product_reference": "7Server-optional-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-devel-0:3.1.2-14.el7_9.1.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
          "product_id": "7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.i686"
        },
        "product_reference": "libarchive-devel-0:3.1.2-14.el7_9.1.i686",
        "relates_to_product_reference": "7Server-optional-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-devel-0:3.1.2-14.el7_9.1.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
          "product_id": "7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.ppc"
        },
        "product_reference": "libarchive-devel-0:3.1.2-14.el7_9.1.ppc",
        "relates_to_product_reference": "7Server-optional-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-devel-0:3.1.2-14.el7_9.1.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
          "product_id": "7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.ppc64"
        },
        "product_reference": "libarchive-devel-0:3.1.2-14.el7_9.1.ppc64",
        "relates_to_product_reference": "7Server-optional-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-devel-0:3.1.2-14.el7_9.1.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
          "product_id": "7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.ppc64le"
        },
        "product_reference": "libarchive-devel-0:3.1.2-14.el7_9.1.ppc64le",
        "relates_to_product_reference": "7Server-optional-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-devel-0:3.1.2-14.el7_9.1.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
          "product_id": "7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.s390"
        },
        "product_reference": "libarchive-devel-0:3.1.2-14.el7_9.1.s390",
        "relates_to_product_reference": "7Server-optional-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-devel-0:3.1.2-14.el7_9.1.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
          "product_id": "7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.s390x"
        },
        "product_reference": "libarchive-devel-0:3.1.2-14.el7_9.1.s390x",
        "relates_to_product_reference": "7Server-optional-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-devel-0:3.1.2-14.el7_9.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
          "product_id": "7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.x86_64"
        },
        "product_reference": "libarchive-devel-0:3.1.2-14.el7_9.1.x86_64",
        "relates_to_product_reference": "7Server-optional-ELS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-5914",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "discovery_date": "2025-06-06T17:58:25.491000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2370861"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The Red Hat Product Security team has rated this vulnerability as Important because it allows a local attacker with limited privileges to trigger a double-free in libarchive\u0027s RAR parser by providing a specially crafted RAR archive. Successful exploitation could result in code execution or application crashes.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-ELS:bsdcpio-0:3.1.2-14.el7_9.1.ppc64",
          "7Server-ELS:bsdcpio-0:3.1.2-14.el7_9.1.ppc64le",
          "7Server-ELS:bsdcpio-0:3.1.2-14.el7_9.1.s390x",
          "7Server-ELS:bsdcpio-0:3.1.2-14.el7_9.1.x86_64",
          "7Server-ELS:bsdtar-0:3.1.2-14.el7_9.1.ppc64",
          "7Server-ELS:bsdtar-0:3.1.2-14.el7_9.1.ppc64le",
          "7Server-ELS:bsdtar-0:3.1.2-14.el7_9.1.s390x",
          "7Server-ELS:bsdtar-0:3.1.2-14.el7_9.1.x86_64",
          "7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.i686",
          "7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.ppc",
          "7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.ppc64",
          "7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.ppc64le",
          "7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.s390",
          "7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.s390x",
          "7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.src",
          "7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.x86_64",
          "7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.i686",
          "7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc",
          "7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64",
          "7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64le",
          "7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390",
          "7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390x",
          "7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.x86_64",
          "7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.i686",
          "7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.ppc",
          "7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.ppc64",
          "7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.ppc64le",
          "7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.s390",
          "7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.s390x",
          "7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.x86_64",
          "7Server-optional-ELS:bsdcpio-0:3.1.2-14.el7_9.1.ppc64",
          "7Server-optional-ELS:bsdcpio-0:3.1.2-14.el7_9.1.ppc64le",
          "7Server-optional-ELS:bsdcpio-0:3.1.2-14.el7_9.1.s390x",
          "7Server-optional-ELS:bsdcpio-0:3.1.2-14.el7_9.1.x86_64",
          "7Server-optional-ELS:bsdtar-0:3.1.2-14.el7_9.1.ppc64",
          "7Server-optional-ELS:bsdtar-0:3.1.2-14.el7_9.1.ppc64le",
          "7Server-optional-ELS:bsdtar-0:3.1.2-14.el7_9.1.s390x",
          "7Server-optional-ELS:bsdtar-0:3.1.2-14.el7_9.1.x86_64",
          "7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.i686",
          "7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.ppc",
          "7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.ppc64",
          "7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.ppc64le",
          "7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.s390",
          "7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.s390x",
          "7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.src",
          "7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.x86_64",
          "7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.i686",
          "7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc",
          "7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64",
          "7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64le",
          "7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390",
          "7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390x",
          "7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.x86_64",
          "7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.i686",
          "7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.ppc",
          "7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.ppc64",
          "7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.ppc64le",
          "7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.s390",
          "7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.s390x",
          "7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-5914"
        },
        {
          "category": "external",
          "summary": "RHBZ#2370861",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370861"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-5914",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914"
        },
        {
          "category": "external",
          "summary": "https://github.com/libarchive/libarchive/pull/2598",
          "url": "https://github.com/libarchive/libarchive/pull/2598"
        },
        {
          "category": "external",
          "summary": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0",
          "url": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0"
        }
      ],
      "release_date": "2025-05-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-08-28T06:39:16+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-ELS:bsdcpio-0:3.1.2-14.el7_9.1.ppc64",
            "7Server-ELS:bsdcpio-0:3.1.2-14.el7_9.1.ppc64le",
            "7Server-ELS:bsdcpio-0:3.1.2-14.el7_9.1.s390x",
            "7Server-ELS:bsdcpio-0:3.1.2-14.el7_9.1.x86_64",
            "7Server-ELS:bsdtar-0:3.1.2-14.el7_9.1.ppc64",
            "7Server-ELS:bsdtar-0:3.1.2-14.el7_9.1.ppc64le",
            "7Server-ELS:bsdtar-0:3.1.2-14.el7_9.1.s390x",
            "7Server-ELS:bsdtar-0:3.1.2-14.el7_9.1.x86_64",
            "7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.i686",
            "7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.ppc",
            "7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.ppc64",
            "7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.ppc64le",
            "7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.s390",
            "7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.s390x",
            "7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.src",
            "7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.x86_64",
            "7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.i686",
            "7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc",
            "7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64",
            "7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64le",
            "7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390",
            "7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390x",
            "7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.x86_64",
            "7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.i686",
            "7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.ppc",
            "7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.ppc64",
            "7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.ppc64le",
            "7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.s390",
            "7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.s390x",
            "7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.x86_64",
            "7Server-optional-ELS:bsdcpio-0:3.1.2-14.el7_9.1.ppc64",
            "7Server-optional-ELS:bsdcpio-0:3.1.2-14.el7_9.1.ppc64le",
            "7Server-optional-ELS:bsdcpio-0:3.1.2-14.el7_9.1.s390x",
            "7Server-optional-ELS:bsdcpio-0:3.1.2-14.el7_9.1.x86_64",
            "7Server-optional-ELS:bsdtar-0:3.1.2-14.el7_9.1.ppc64",
            "7Server-optional-ELS:bsdtar-0:3.1.2-14.el7_9.1.ppc64le",
            "7Server-optional-ELS:bsdtar-0:3.1.2-14.el7_9.1.s390x",
            "7Server-optional-ELS:bsdtar-0:3.1.2-14.el7_9.1.x86_64",
            "7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.i686",
            "7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.ppc",
            "7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.ppc64",
            "7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.ppc64le",
            "7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.s390",
            "7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.s390x",
            "7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.src",
            "7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.x86_64",
            "7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.i686",
            "7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc",
            "7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64",
            "7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64le",
            "7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390",
            "7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390x",
            "7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.x86_64",
            "7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.i686",
            "7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.ppc",
            "7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.ppc64",
            "7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.ppc64le",
            "7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.s390",
            "7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.s390x",
            "7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:14828"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-ELS:bsdcpio-0:3.1.2-14.el7_9.1.ppc64",
            "7Server-ELS:bsdcpio-0:3.1.2-14.el7_9.1.ppc64le",
            "7Server-ELS:bsdcpio-0:3.1.2-14.el7_9.1.s390x",
            "7Server-ELS:bsdcpio-0:3.1.2-14.el7_9.1.x86_64",
            "7Server-ELS:bsdtar-0:3.1.2-14.el7_9.1.ppc64",
            "7Server-ELS:bsdtar-0:3.1.2-14.el7_9.1.ppc64le",
            "7Server-ELS:bsdtar-0:3.1.2-14.el7_9.1.s390x",
            "7Server-ELS:bsdtar-0:3.1.2-14.el7_9.1.x86_64",
            "7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.i686",
            "7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.ppc",
            "7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.ppc64",
            "7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.ppc64le",
            "7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.s390",
            "7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.s390x",
            "7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.src",
            "7Server-ELS:libarchive-0:3.1.2-14.el7_9.1.x86_64",
            "7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.i686",
            "7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc",
            "7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64",
            "7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64le",
            "7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390",
            "7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390x",
            "7Server-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.x86_64",
            "7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.i686",
            "7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.ppc",
            "7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.ppc64",
            "7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.ppc64le",
            "7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.s390",
            "7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.s390x",
            "7Server-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.x86_64",
            "7Server-optional-ELS:bsdcpio-0:3.1.2-14.el7_9.1.ppc64",
            "7Server-optional-ELS:bsdcpio-0:3.1.2-14.el7_9.1.ppc64le",
            "7Server-optional-ELS:bsdcpio-0:3.1.2-14.el7_9.1.s390x",
            "7Server-optional-ELS:bsdcpio-0:3.1.2-14.el7_9.1.x86_64",
            "7Server-optional-ELS:bsdtar-0:3.1.2-14.el7_9.1.ppc64",
            "7Server-optional-ELS:bsdtar-0:3.1.2-14.el7_9.1.ppc64le",
            "7Server-optional-ELS:bsdtar-0:3.1.2-14.el7_9.1.s390x",
            "7Server-optional-ELS:bsdtar-0:3.1.2-14.el7_9.1.x86_64",
            "7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.i686",
            "7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.ppc",
            "7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.ppc64",
            "7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.ppc64le",
            "7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.s390",
            "7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.s390x",
            "7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.src",
            "7Server-optional-ELS:libarchive-0:3.1.2-14.el7_9.1.x86_64",
            "7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.i686",
            "7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc",
            "7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64",
            "7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.ppc64le",
            "7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390",
            "7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.s390x",
            "7Server-optional-ELS:libarchive-debuginfo-0:3.1.2-14.el7_9.1.x86_64",
            "7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.i686",
            "7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.ppc",
            "7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.ppc64",
            "7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.ppc64le",
            "7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.s390",
            "7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.s390x",
            "7Server-optional-ELS:libarchive-devel-0:3.1.2-14.el7_9.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c"
    }
  ]
}

BDU:2025-10932

Vulnerability from fstec - Published: 20.05.2025

Title

Уязвимость функции archive_read_format_rar_seek_data() библиотеки Libarchive, позволяющая нарушителю выполнить произвольный код и вызвать отказ в обслуживании

Description

Уязвимость функции archive_read_format_rar_seek_data() библиотеки Libarchive связана с ошибкой повторного освобождения памяти. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код и вызвать отказ в обслуживании

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vendor

Canonical Ltd., Red Hat Inc., Сообщество свободного программного обеспечения, ООО «Ред Софт», ООО «РусБИТех-Астра», АО «ИВК», АО «СберТех», ООО «НЦПР»

Software Name

Ubuntu, Red Hat Enterprise Linux, Debian GNU/Linux, РЕД ОС (запись в едином реестре российских программ №3751), Astra Linux Special Edition (запись в едином реестре российских программ №369), Альт 8 СП (запись в едином реестре российских программ №4305), АЛЬТ СП 10, Platform V SberLinux OS Server (запись в едином реестре российских программ №18785), libarchive, МСВСфера

Software Version

14.04 LTS (Ubuntu), 16.04 LTS (Ubuntu), 18.04 LTS (Ubuntu), 8 (Red Hat Enterprise Linux), 20.04 LTS (Ubuntu), 12 (Debian GNU/Linux), 7.3 (РЕД ОС), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), - (Альт 8 СП), 22.04 LTS (Ubuntu), 8.2 Advanced Update Support (Red Hat Enterprise Linux), 8.4 Advanced Mission Critical Update Support (Red Hat Enterprise Linux), - (АЛЬТ СП 10), 24.04 LTS (Ubuntu), 8.6 Update Services for SAP Solutions (Red Hat Enterprise Linux), 8.6 Telecommunications Update Service (Red Hat Enterprise Linux), 8.6 Advanced Mission Critical Update Support (Red Hat Enterprise Linux), 7 Extended Lifecycle Support (Red Hat Enterprise Linux), 1.8 (Astra Linux Special Edition), 25.04 (Ubuntu), 10 (Red Hat Enterprise Linux), 8.8 Telecommunications Update Service (Red Hat Enterprise Linux), 9.1 (Platform V SberLinux OS Server), 8.4 Extended Update Support Long-Life Add-On (Red Hat Enterprise Linux), до 3.8.0 (libarchive), 9.5 (МСВСфера)

Possible Mitigations

Использование рекомендаций производителя: https://github.com/libarchive/libarchive/pull/2598 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 Для программных продуктов Red Hat Inc.: https://access.redhat.com/security/cve/cve-2025-5914 Для программных продуктов Debian GNU/Linux: https://security-tracker.debian.org/tracker/CVE-2025-5914 Для программных продуктов Ubuntu: https://ubuntu.com/security/CVE-2025-5914 Компенсирующие меры: - минимизация пользовательских привилегий; - отключение/удаление неиспользуемых учётных записей пользователей; - контроль журналов аудита кластера для отслеживания попыток эксплуатации уязвимости. Для ОС АЛЬТ СП 10: установка обновления из публичного репозитория программного средства: https://altsp.su/obnovleniya-bezopasnosti/ Для ОС Astra Linux: обновить пакет libarchive до 3.8.1-0astra1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0811SE18 Для ОС Astra Linux: обновить пакет libarchive до 3.8.1-0astra1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0923SE17 Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/ Для ОС Astra Linux: обновить пакет libarchive до 3.8.1-0astra1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-1020SE47 Для МСВСфера: https://errata.msvsphere-os.ru/definition/9/INFCSA-2025:14130?lang=ru Для ОС Альт 8 СП: установка обновления из публичного репозитория программного средства: https://altsp.su/obnovleniya-bezopasnosti/

Reference

https://github.com/libarchive/libarchive/pull/2598 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://access.redhat.com/security/cve/cve-2025-5914 https://security-tracker.debian.org/tracker/CVE-2025-5914 https://ubuntu.com/security/CVE-2025-5914 https://altsp.su/obnovleniya-bezopasnosti/ https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0811SE18 http://repo.red-soft.ru/redos/7.3c/x86_64/updates/ https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-1020SE47 https://errata.msvsphere-os.ru/definition/9/INFCSA-2025:14130?lang=ru https://altsp.su/obnovleniya-bezopasnosti/

CWE

CWE-415

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Canonical Ltd., Red Hat Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, \u0410\u041e \u00ab\u0421\u0431\u0435\u0440\u0422\u0435\u0445\u00bb, \u041e\u041e\u041e \u00ab\u041d\u0426\u041f\u0420\u00bb",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "14.04 LTS (Ubuntu), 16.04 LTS (Ubuntu), 18.04 LTS (Ubuntu), 8 (Red Hat Enterprise Linux), 20.04 LTS (Ubuntu), 12 (Debian GNU/Linux), 7.3 (\u0420\u0415\u0414 \u041e\u0421), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f), 22.04 LTS (Ubuntu), 8.2 Advanced Update Support (Red Hat Enterprise Linux), 8.4 Advanced Mission Critical Update Support (Red Hat Enterprise Linux), - (\u0410\u041b\u042c\u0422 \u0421\u041f 10), 24.04 LTS (Ubuntu), 8.6 Update Services for SAP Solutions (Red Hat Enterprise Linux), 8.6 Telecommunications Update Service (Red Hat Enterprise Linux), 8.6 Advanced Mission Critical Update Support (Red Hat Enterprise Linux), 7 Extended Lifecycle Support (Red Hat Enterprise Linux), 1.8 (Astra Linux Special Edition), 25.04 (Ubuntu), 10 (Red Hat Enterprise Linux), 8.8 Telecommunications Update Service (Red Hat Enterprise Linux), 9.1 (Platform V SberLinux OS Server), 8.4 Extended Update Support Long-Life Add-On (Red Hat Enterprise Linux), \u0434\u043e 3.8.0 (libarchive), 9.5 (\u041c\u0421\u0412\u0421\u0444\u0435\u0440\u0430)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://github.com/libarchive/libarchive/pull/2598\nhttps://github.com/libarchive/libarchive/releases/tag/v3.8.0\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/cve-2025-5914\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2025-5914\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Ubuntu:\nhttps://ubuntu.com/security/CVE-2025-5914\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u043c\u0438\u043d\u0438\u043c\u0438\u0437\u0430\u0446\u0438\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0445 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439;\n- \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435/\u0443\u0434\u0430\u043b\u0435\u043d\u0438\u0435 \u043d\u0435\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0443\u0447\u0451\u0442\u043d\u044b\u0445 \u0437\u0430\u043f\u0438\u0441\u0435\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439;\n- \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u0436\u0443\u0440\u043d\u0430\u043b\u043e\u0432 \u0430\u0443\u0434\u0438\u0442\u0430 \u043a\u043b\u0430\u0441\u0442\u0435\u0440\u0430 \u0434\u043b\u044f \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u043d\u0438\u044f \u043f\u043e\u043f\u044b\u0442\u043e\u043a \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438.\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u041b\u042c\u0422 \u0421\u041f 10: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430: https://altsp.su/obnovleniya-bezopasnosti/\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 libarchive \u0434\u043e 3.8.1-0astra1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0811SE18\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 libarchive \u0434\u043e 3.8.1-0astra1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0923SE17\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421:\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 libarchive \u0434\u043e 3.8.1-0astra1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-1020SE47\n\n\u0414\u043b\u044f \u041c\u0421\u0412\u0421\u0444\u0435\u0440\u0430: https://errata.msvsphere-os.ru/definition/9/INFCSA-2025:14130?lang=ru\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430: https://altsp.su/obnovleniya-bezopasnosti/",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "20.05.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "27.01.2026",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "10.09.2025",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-10932",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-5914, RHSA-2025:14135, RHSA-2025:14137, RHSA-2025:14525, RHSA-2025:14528, RHSA-2025:14808, RHSA-2025:14810, RHSA-2025:14828",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Ubuntu, Red Hat Enterprise Linux, Debian GNU/Linux, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u0410\u041b\u042c\u0422 \u0421\u041f 10, Platform V SberLinux OS Server (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211618785), libarchive, \u041c\u0421\u0412\u0421\u0444\u0435\u0440\u0430",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Canonical Ltd. Ubuntu 14.04 LTS , Canonical Ltd. Ubuntu 16.04 LTS , Canonical Ltd. Ubuntu 18.04 LTS , Red Hat Inc. Red Hat Enterprise Linux 8 , Canonical Ltd. Ubuntu 20.04 LTS , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 12 , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f -  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), Canonical Ltd. Ubuntu 22.04 LTS , Red Hat Inc. Red Hat Enterprise Linux 8.2 Advanced Update Support , Red Hat Inc. Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support , \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u041b\u042c\u0422 \u0421\u041f 10 - , Canonical Ltd. Ubuntu 24.04 LTS , Red Hat Inc. Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions , Red Hat Inc. Red Hat Enterprise Linux 8.6 Telecommunications Update Service , Red Hat Inc. Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support , Red Hat Inc. Red Hat Enterprise Linux 7 Extended Lifecycle Support , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.8  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Canonical Ltd. Ubuntu 25.04 , Red Hat Inc. Red Hat Enterprise Linux 10 , Red Hat Inc. Red Hat Enterprise Linux 8.8 Telecommunications Update Service , \u0410\u041e \u00ab\u0421\u0431\u0435\u0440\u0422\u0435\u0445\u00bb Platform V SberLinux OS Server 9.1  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211618785), Red Hat Inc. Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On , \u041e\u041e\u041e \u00ab\u041d\u0426\u041f\u0420\u00bb \u041c\u0421\u0412\u0421\u0444\u0435\u0440\u0430 9.5 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 archive_read_format_rar_seek_data() \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Libarchive, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0438 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041f\u043e\u0432\u0442\u043e\u0440\u043d\u043e\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u0435 (CWE-415)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 archive_read_format_rar_seek_data() \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Libarchive \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u043e\u0439 \u043f\u043e\u0432\u0442\u043e\u0440\u043d\u043e\u0433\u043e \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f \u043f\u0430\u043c\u044f\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0438 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://github.com/libarchive/libarchive/pull/2598\nhttps://github.com/libarchive/libarchive/releases/tag/v3.8.0\nhttps://access.redhat.com/security/cve/cve-2025-5914\nhttps://security-tracker.debian.org/tracker/CVE-2025-5914\nhttps://ubuntu.com/security/CVE-2025-5914\n\nhttps://altsp.su/obnovleniya-bezopasnosti/\nhttps://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0811SE18\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-1020SE47\nhttps://errata.msvsphere-os.ru/definition/9/INFCSA-2025:14130?lang=ru\nhttps://altsp.su/obnovleniya-bezopasnosti/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-415",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)"
}

CVE-2025-5914 (GCVE-0-2025-5914)

Vulnerability from cvelistv5 – Published: 2025-06-09 19:53 – Updated: 2026-02-05 19:19

Title

Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c

Summary

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-190 - Integer Overflow or Wraparound

Assigner

redhat

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2025:14130	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:14135	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:14137	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:14141	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:14142	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:14525	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:14528	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:14594	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:14644	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:14808	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:14810	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:14828	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:15024	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:15397	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:15709	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:15827	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:15828	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:16524	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:18217	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:18218	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:18219	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:19041	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:19046	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:21885	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:21913	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:0326	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:0934	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:1541	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2025-5914	vdb-entryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2370861	issue-trackingx_refsource_REDHAT
	https://github.com/libarchive/libarchive/pull/2598
	https://github.com/libarchive/libarchive/releases…

Impacted products

Vendor

Product

Version

Affected: 0 , < 3.8.0 (semver)

Red Hat	Red Hat Enterprise Linux 10	Unaffected: 0:3.7.7-4.el10_0 , < * (rpm) cpe:/o:redhat:enterprise_linux:10.0
Red Hat	Red Hat Enterprise Linux 7 Extended Lifecycle Support	Unaffected: 0:3.1.2-14.el7_9.1 , < * (rpm) cpe:/o:redhat:rhel_els:7
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:3.3.3-6.el8_10 , < * (rpm) cpe:/a:redhat:enterprise_linux:8::crb cpe:/o:redhat:enterprise_linux:8::baseos
Red Hat	Red Hat Enterprise Linux 8.2 Advanced Update Support	Unaffected: 0:3.3.2-8.el8_2.1 , < * (rpm) cpe:/o:redhat:rhel_aus:8.2::baseos
Red Hat	Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	Unaffected: 0:3.3.3-1.el8_4.1 , < * (rpm) cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
Red Hat	Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On	Unaffected: 0:3.3.3-1.el8_4.1 , < * (rpm) cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
Red Hat	Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support	Unaffected: 0:3.3.3-6.el8_6 , < * (rpm) cpe:/o:redhat:rhel_tus:8.6::baseos cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_e4s:8.6::baseos
Red Hat	Red Hat Enterprise Linux 8.6 Telecommunications Update Service	Unaffected: 0:3.3.3-6.el8_6 , < * (rpm) cpe:/o:redhat:rhel_tus:8.6::baseos cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_e4s:8.6::baseos
Red Hat	Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions	Unaffected: 0:3.3.3-6.el8_6 , < * (rpm) cpe:/o:redhat:rhel_tus:8.6::baseos cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_e4s:8.6::baseos
Red Hat	Red Hat Enterprise Linux 8.8 Telecommunications Update Service	Unaffected: 0:3.3.3-5.el8_8.1 , < * (rpm) cpe:/o:redhat:rhel_tus:8.8::baseos cpe:/o:redhat:rhel_e4s:8.8::baseos
Red Hat	Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions	Unaffected: 0:3.3.3-5.el8_8.1 , < * (rpm) cpe:/o:redhat:rhel_tus:8.8::baseos cpe:/o:redhat:rhel_e4s:8.8::baseos
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:3.5.3-6.el9_6 , < * (rpm) cpe:/o:redhat:enterprise_linux:9::baseos cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:3.5.3-6.el9_6 , < * (rpm) cpe:/o:redhat:enterprise_linux:9::baseos cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat	Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions	Unaffected: 0:3.5.3-2.el9_0.1 , < * (rpm) cpe:/a:redhat:rhel_e4s:9.0::appstream cpe:/o:redhat:rhel_e4s:9.0::baseos
Red Hat	Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions	Unaffected: 0:3.5.3-5.el9_2 , < * (rpm) cpe:/o:redhat:rhel_e4s:9.2::baseos cpe:/a:redhat:rhel_e4s:9.2::appstream
Red Hat	Red Hat Enterprise Linux 9.4 Extended Update Support	Unaffected: 0:3.5.3-4.el9_4.1 , < * (rpm) cpe:/a:redhat:rhel_eus:9.4::appstream cpe:/a:redhat:rhel_eus:9.4::crb cpe:/o:redhat:rhel_eus:9.4::baseos
Red Hat	Red Hat OpenShift Container Platform 4.14	Unaffected: 414.92.202510211419-0 , < * (rpm) cpe:/a:redhat:openshift:4.14::el9
Red Hat	Red Hat OpenShift Container Platform 4.15	Unaffected: 415.92.202601271320-0 , < * (rpm) cpe:/a:redhat:openshift:4.15::el9
Red Hat	Red Hat OpenShift Container Platform 4.16	Unaffected: 416.94.202601071926-0 , < * (rpm) cpe:/a:redhat:openshift:4.16::el9
Red Hat	Red Hat OpenShift Container Platform 4.17	Unaffected: 417.94.202510112152-0 , < * (rpm) cpe:/a:redhat:openshift:4.17::el9
Red Hat	Red Hat OpenShift Container Platform 4.18	Unaffected: 418.94.202510230424-0 , < * (rpm) cpe:/a:redhat:openshift:4.18::el9
Red Hat	Red Hat OpenShift Container Platform 4.19	Unaffected: 4.19.9.6.202510140714-0 , < * (rpm) cpe:/a:redhat:openshift:4.19::el9
Red Hat	Red Hat OpenShift Container Platform 4.20	Unaffected: 4.20.9.6.202509251656-0 , < * (rpm) cpe:/a:redhat:openshift:4.20::el9
Red Hat	Red Hat Web Terminal 1.11 on RHEL 9	Unaffected: 1.11-19 , < * (rpm) cpe:/a:redhat:webterminal:1.11::el9
Red Hat	Red Hat Web Terminal 1.11 on RHEL 9	Unaffected: 1.11-8 , < * (rpm) cpe:/a:redhat:webterminal:1.11::el9
Red Hat	Red Hat Web Terminal 1.12 on RHEL 9	Unaffected: 1.12-4 , < * (rpm) cpe:/a:redhat:webterminal:1.12::el9
Red Hat	RHOSS-1.36-RHEL-8	Unaffected: 1.36.0-11 , < * (rpm) cpe:/a:redhat:openshift_serverless:1.36::el8
Red Hat	RHOSS-1.36-RHEL-8	Unaffected: 1.36.0-11 , < * (rpm) cpe:/a:redhat:openshift_serverless:1.36::el8
Red Hat	RHOSS-1.36-RHEL-8	Unaffected: 1.36.0-11 , < * (rpm) cpe:/a:redhat:openshift_serverless:1.36::el8
Red Hat	RHOSS-1.36-RHEL-8	Unaffected: 1.36.0-10 , < * (rpm) cpe:/a:redhat:openshift_serverless:1.36::el8
Red Hat	RHOSS-1.36-RHEL-8	Unaffected: 1.36.0-10 , < * (rpm) cpe:/a:redhat:openshift_serverless:1.36::el8
Red Hat	RHOSS-1.36-RHEL-8	Unaffected: 1.36.0-4 , < * (rpm) cpe:/a:redhat:openshift_serverless:1.36::el8
Red Hat	RHOSS-1.36-RHEL-8	Unaffected: 1.36.0-9 , < * (rpm) cpe:/a:redhat:openshift_serverless:1.36::el8
Red Hat	RHOSS-1.36-RHEL-8	Unaffected: 1.36.0-12 , < * (rpm) cpe:/a:redhat:openshift_serverless:1.36::el8
Red Hat	RHOSS-1.36-RHEL-8	Unaffected: 1.36.0-18 , < * (rpm) cpe:/a:redhat:openshift_serverless:1.36::el8
Red Hat	RHOSS-1.36-RHEL-8	Unaffected: 1.36.0-11 , < * (rpm) cpe:/a:redhat:openshift_serverless:1.36::el8
Red Hat	RHOSS-1.36-RHEL-8	Unaffected: 1.36.0-7 , < * (rpm) cpe:/a:redhat:openshift_serverless:1.36::el8
Red Hat	cert-manager operator for Red Hat OpenShift 1.16	Unaffected: sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b , < * (rpm) cpe:/a:redhat:cert_manager:1.16::el9
Red Hat	Compliance Operator 1	Unaffected: sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9 , < * (rpm) cpe:/a:redhat:openshift_compliance_operator:1::el9
Red Hat	Compliance Operator 1	Unaffected: sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41 , < * (rpm) cpe:/a:redhat:openshift_compliance_operator:1::el9
Red Hat	Compliance Operator 1	Unaffected: sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83 , < * (rpm) cpe:/a:redhat:openshift_compliance_operator:1::el9
Red Hat	File Integrity Operator 1	Unaffected: sha256:364d11af112a5b1d3f28c9ea8b7aac678e111b9c7fca0516d61036904f318605 , < * (rpm) cpe:/a:redhat:openshift_file_integrity_operator:1::el9
Red Hat	Red Hat Discovery 2	Unaffected: sha256:c85cfbcaf7888885e57596b7b8bde3894718cfc33326499b24961a66a62cf083 , < * (rpm) cpe:/a:redhat:discovery:2::el9
Red Hat	Red Hat Insights proxy 1.5	Unaffected: sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652 , < * (rpm) cpe:/a:redhat:insights_proxy:1.5::el9
Red Hat	Red Hat OpenShift distributed tracing 3.5.1	Unaffected: sha256:73ddf7caa420d1cb2027068dabcc7bbf07fdd160135ab12ad0656cec5dbef185 , < * (rpm) cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
Red Hat	Red Hat OpenShift distributed tracing 3.5.1	Unaffected: sha256:540ed092ec7c7e8e07927636ccdb04a662a7108c295f793028494c9184bdf85b , < * (rpm) cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
Red Hat	Red Hat OpenShift distributed tracing 3.5.1	Unaffected: sha256:86d400b195958c287846ae60d76d2ec277740da3d3de033c7e72ab9a42370b4b , < * (rpm) cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
Red Hat	Red Hat OpenShift distributed tracing 3.5.1	Unaffected: sha256:e17c9de114b6b89e9c66642ab5f95b62321d367b6d22be1464cf89dbc3ead673 , < * (rpm) cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
Red Hat	Red Hat OpenShift distributed tracing 3.5.1	Unaffected: sha256:da510d9c86c877d8f4cdcddfa337b16858dd4e490cc3e85124b2076408499826 , < * (rpm) cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
Red Hat	Red Hat OpenShift distributed tracing 3.5.1	Unaffected: sha256:69c5921a94e0ac1f254ac8bc1fbd400fc4322b0537320dcd205d9ad854b277f3 , < * (rpm) cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
Red Hat	Red Hat OpenShift distributed tracing 3.5.1	Unaffected: sha256:f250e39033d7cb1d786e5a7ec6798c25d4c5d8c6ecbcf6828915605fc4658da5 , < * (rpm) cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
Red Hat	Red Hat OpenShift distributed tracing 3.5.1	Unaffected: sha256:9407bf93b2128d5da4a14b2ba8dd48a27b688fbb962b9383e7cb260ab43b6f24 , < * (rpm) cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
Red Hat	Red Hat OpenShift distributed tracing 3.5.1	Unaffected: sha256:c1e80172a78d227fb1076cbf608e42b2c551cc09233abd9a6ada74af06758447 , < * (rpm) cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
Red Hat	Red Hat OpenShift sandboxed containers 1.1	Unaffected: sha256:7b6bd3411ca5ec140968975d4f11f3ec0686b6fbca0ce05288e041ee2e569a89 , < * (rpm) cpe:/a:redhat:confidential_compute_attestation:1.10::el9
Red Hat	Red Hat OpenShift sandboxed containers 1.1	Unaffected: sha256:99cc26f9e0e5b0f29cb7f34fe3aa5c974e935fdf21e0f3ad02f1af571113a32c , < * (rpm) cpe:/a:redhat:confidential_compute_attestation:1.10::el9
Red Hat	Red Hat OpenShift sandboxed containers 1.1	Unaffected: sha256:9ff002e628e5646b5ab3cc9201087847bea29569b4a1bc135b89d5c1a5f0a422 , < * (rpm) cpe:/a:redhat:confidential_compute_attestation:1.10::el9
Red Hat	Red Hat OpenShift sandboxed containers 1.1	Unaffected: sha256:6b2da66d287083cf823f6efd8d61ba6a1be10eb6ba8cda484dea4e2ab67ae108 , < * (rpm) cpe:/a:redhat:confidential_compute_attestation:1.10::el9
Red Hat	Red Hat OpenShift sandboxed containers 1.1	Unaffected: sha256:cead623ceda4048cabaa81c371ed2a8143f5c5514276fca1d71685bd9e6d1e65 , < * (rpm) cpe:/a:redhat:confidential_compute_attestation:1.10::el9
Red Hat	Red Hat OpenShift sandboxed containers 1.1	Unaffected: sha256:59fb1f7f1653361d94f7d48b42d8fe19ed3263c1c78654837c11f2135544c1ac , < * (rpm) cpe:/a:redhat:confidential_compute_attestation:1.10::el9
Red Hat	Red Hat OpenShift sandboxed containers 1.1	Unaffected: sha256:869dabef4a7bf424fb000f5d5f772f02b1c4653fe08fff96ec67e0adf2b2c27d , < * (rpm) cpe:/a:redhat:confidential_compute_attestation:1.10::el9
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6

Date Public ?

2025-05-20 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-5914",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-10T15:14:35.773233Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-10T15:30:42.589Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/libarchive/libarchive/pull/2598"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/libarchive/libarchive/",
          "defaultStatus": "unaffected",
          "packageName": "libarchive",
          "versions": [
            {
              "lessThan": "3.8.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10.0"
          ],
          "defaultStatus": "affected",
          "packageName": "libarchive",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.7.7-4.el10_0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_els:7"
          ],
          "defaultStatus": "affected",
          "packageName": "libarchive",
          "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.1.2-14.el7_9.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::crb",
            "cpe:/o:redhat:enterprise_linux:8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libarchive",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.3.3-6.el8_10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_aus:8.2::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libarchive",
          "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.3.2-8.el8_2.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_aus:8.4::baseos",
            "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libarchive",
          "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.3.3-1.el8_4.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_aus:8.4::baseos",
            "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libarchive",
          "product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.3.3-1.el8_4.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_tus:8.6::baseos",
            "cpe:/o:redhat:rhel_aus:8.6::baseos",
            "cpe:/o:redhat:rhel_e4s:8.6::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libarchive",
          "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.3.3-6.el8_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_tus:8.6::baseos",
            "cpe:/o:redhat:rhel_aus:8.6::baseos",
            "cpe:/o:redhat:rhel_e4s:8.6::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libarchive",
          "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.3.3-6.el8_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_tus:8.6::baseos",
            "cpe:/o:redhat:rhel_aus:8.6::baseos",
            "cpe:/o:redhat:rhel_e4s:8.6::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libarchive",
          "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.3.3-6.el8_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_tus:8.8::baseos",
            "cpe:/o:redhat:rhel_e4s:8.8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libarchive",
          "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.3.3-5.el8_8.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_tus:8.8::baseos",
            "cpe:/o:redhat:rhel_e4s:8.8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libarchive",
          "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.3.3-5.el8_8.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9::baseos",
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libarchive",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.5.3-6.el9_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9::baseos",
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libarchive",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.5.3-6.el9_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.0::appstream",
            "cpe:/o:redhat:rhel_e4s:9.0::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libarchive",
          "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.5.3-2.el9_0.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_e4s:9.2::baseos",
            "cpe:/a:redhat:rhel_e4s:9.2::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libarchive",
          "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.5.3-5.el9_2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.4::appstream",
            "cpe:/a:redhat:rhel_eus:9.4::crb",
            "cpe:/o:redhat:rhel_eus:9.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libarchive",
          "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.5.3-4.el9_4.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.14::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4.14",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "414.92.202510211419-0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4.15",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "415.92.202601271320-0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.16::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4.16",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "416.94.202601071926-0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.17::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4.17",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "417.94.202510112152-0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.18::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4.18",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "418.94.202510230424-0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "4.19.9.6.202510140714-0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.20::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4.20",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "4.20.9.6.202509251656-0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:webterminal:1.11::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "web-terminal/web-terminal-rhel9-operator",
          "product": "Red Hat Web Terminal 1.11 on RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.11-19",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:webterminal:1.11::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "web-terminal/web-terminal-tooling-rhel9",
          "product": "Red Hat Web Terminal 1.11 on RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.11-8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:webterminal:1.12::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "web-terminal/web-terminal-tooling-rhel9",
          "product": "Red Hat Web Terminal 1.12 on RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.12-4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.36::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/logic-data-index-ephemeral-rhel8",
          "product": "RHOSS-1.36-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.36.0-11",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.36::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/logic-data-index-postgresql-rhel8",
          "product": "RHOSS-1.36-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.36.0-11",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.36::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/logic-db-migrator-tool-rhel8",
          "product": "RHOSS-1.36-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.36.0-11",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.36::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8",
          "product": "RHOSS-1.36-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.36.0-10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.36::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8",
          "product": "RHOSS-1.36-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.36.0-10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.36::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8",
          "product": "RHOSS-1.36-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.36.0-4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.36::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/logic-management-console-rhel8",
          "product": "RHOSS-1.36-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.36.0-9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.36::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/logic-operator-bundle",
          "product": "RHOSS-1.36-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.36.0-12",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.36::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/logic-rhel8-operator",
          "product": "RHOSS-1.36-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.36.0-18",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.36::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/logic-swf-builder-rhel8",
          "product": "RHOSS-1.36-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.36.0-11",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.36::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/logic-swf-devmode-rhel8",
          "product": "RHOSS-1.36-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.36.0-7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:cert_manager:1.16::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "cert-manager/jetstack-cert-manager-rhel9",
          "product": "cert-manager operator for Red Hat OpenShift 1.16",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_compliance_operator:1::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "compliance/openshift-compliance-must-gather-rhel8",
          "product": "Compliance Operator 1",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:b282ae2e5cfe451081785f221137d45d05320cf0017c3f1cba18a509d43eb6d9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_compliance_operator:1::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "compliance/openshift-compliance-openscap-rhel8",
          "product": "Compliance Operator 1",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_compliance_operator:1::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "compliance/openshift-compliance-rhel8-operator",
          "product": "Compliance Operator 1",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_file_integrity_operator:1::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "compliance/openshift-file-integrity-rhel8-operator",
          "product": "File Integrity Operator 1",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:364d11af112a5b1d3f28c9ea8b7aac678e111b9c7fca0516d61036904f318605",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:discovery:2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "discovery/discovery-server-rhel9",
          "product": "Red Hat Discovery 2",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:c85cfbcaf7888885e57596b7b8bde3894718cfc33326499b24961a66a62cf083",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:insights_proxy:1.5::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "insights-proxy/insights-proxy-container-rhel9",
          "product": "Red Hat Insights proxy 1.5",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rhosdt/jaeger-agent-rhel8",
          "product": "Red Hat OpenShift distributed tracing 3.5.1",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:73ddf7caa420d1cb2027068dabcc7bbf07fdd160135ab12ad0656cec5dbef185",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rhosdt/jaeger-all-in-one-rhel8",
          "product": "Red Hat OpenShift distributed tracing 3.5.1",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:540ed092ec7c7e8e07927636ccdb04a662a7108c295f793028494c9184bdf85b",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rhosdt/jaeger-collector-rhel8",
          "product": "Red Hat OpenShift distributed tracing 3.5.1",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:86d400b195958c287846ae60d76d2ec277740da3d3de033c7e72ab9a42370b4b",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rhosdt/jaeger-es-index-cleaner-rhel8",
          "product": "Red Hat OpenShift distributed tracing 3.5.1",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:e17c9de114b6b89e9c66642ab5f95b62321d367b6d22be1464cf89dbc3ead673",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rhosdt/jaeger-es-rollover-rhel8",
          "product": "Red Hat OpenShift distributed tracing 3.5.1",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:da510d9c86c877d8f4cdcddfa337b16858dd4e490cc3e85124b2076408499826",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rhosdt/jaeger-ingester-rhel8",
          "product": "Red Hat OpenShift distributed tracing 3.5.1",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:69c5921a94e0ac1f254ac8bc1fbd400fc4322b0537320dcd205d9ad854b277f3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rhosdt/jaeger-operator-bundle",
          "product": "Red Hat OpenShift distributed tracing 3.5.1",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:f250e39033d7cb1d786e5a7ec6798c25d4c5d8c6ecbcf6828915605fc4658da5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rhosdt/jaeger-query-rhel8",
          "product": "Red Hat OpenShift distributed tracing 3.5.1",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:9407bf93b2128d5da4a14b2ba8dd48a27b688fbb962b9383e7cb260ab43b6f24",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rhosdt/jaeger-rhel8-operator",
          "product": "Red Hat OpenShift distributed tracing 3.5.1",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:c1e80172a78d227fb1076cbf608e42b2c551cc09233abd9a6ada74af06758447",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9",
          "product": "Red Hat OpenShift sandboxed containers 1.1",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:7b6bd3411ca5ec140968975d4f11f3ec0686b6fbca0ce05288e041ee2e569a89",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9",
          "product": "Red Hat OpenShift sandboxed containers 1.1",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:99cc26f9e0e5b0f29cb7f34fe3aa5c974e935fdf21e0f3ad02f1af571113a32c",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-sandboxed-containers/osc-monitor-rhel9",
          "product": "Red Hat OpenShift sandboxed containers 1.1",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:9ff002e628e5646b5ab3cc9201087847bea29569b4a1bc135b89d5c1a5f0a422",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-sandboxed-containers/osc-must-gather-rhel9",
          "product": "Red Hat OpenShift sandboxed containers 1.1",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:6b2da66d287083cf823f6efd8d61ba6a1be10eb6ba8cda484dea4e2ab67ae108",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-sandboxed-containers/osc-podvm-builder-rhel9",
          "product": "Red Hat OpenShift sandboxed containers 1.1",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:cead623ceda4048cabaa81c371ed2a8143f5c5514276fca1d71685bd9e6d1e65",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-sandboxed-containers/osc-podvm-payload-rhel9",
          "product": "Red Hat OpenShift sandboxed containers 1.1",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:59fb1f7f1653361d94f7d48b42d8fe19ed3263c1c78654837c11f2135544c1ac",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-sandboxed-containers/osc-rhel9-operator",
          "product": "Red Hat OpenShift sandboxed containers 1.1",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:869dabef4a7bf424fb000f5d5f772f02b1c4653fe08fff96ec67e0adf2b2c27d",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "libarchive",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2025-05-20T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-05T19:19:48.624Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:14130",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:14130"
        },
        {
          "name": "RHSA-2025:14135",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:14135"
        },
        {
          "name": "RHSA-2025:14137",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:14137"
        },
        {
          "name": "RHSA-2025:14141",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:14141"
        },
        {
          "name": "RHSA-2025:14142",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:14142"
        },
        {
          "name": "RHSA-2025:14525",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:14525"
        },
        {
          "name": "RHSA-2025:14528",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:14528"
        },
        {
          "name": "RHSA-2025:14594",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:14594"
        },
        {
          "name": "RHSA-2025:14644",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:14644"
        },
        {
          "name": "RHSA-2025:14808",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:14808"
        },
        {
          "name": "RHSA-2025:14810",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:14810"
        },
        {
          "name": "RHSA-2025:14828",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:14828"
        },
        {
          "name": "RHSA-2025:15024",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:15024"
        },
        {
          "name": "RHSA-2025:15397",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:15397"
        },
        {
          "name": "RHSA-2025:15709",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:15709"
        },
        {
          "name": "RHSA-2025:15827",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:15827"
        },
        {
          "name": "RHSA-2025:15828",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:15828"
        },
        {
          "name": "RHSA-2025:16524",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:16524"
        },
        {
          "name": "RHSA-2025:18217",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:18217"
        },
        {
          "name": "RHSA-2025:18218",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:18218"
        },
        {
          "name": "RHSA-2025:18219",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:18219"
        },
        {
          "name": "RHSA-2025:19041",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:19041"
        },
        {
          "name": "RHSA-2025:19046",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:19046"
        },
        {
          "name": "RHSA-2025:21885",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21885"
        },
        {
          "name": "RHSA-2025:21913",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21913"
        },
        {
          "name": "RHSA-2026:0326",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:0326"
        },
        {
          "name": "RHSA-2026:0934",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:0934"
        },
        {
          "name": "RHSA-2026:1541",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:1541"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-5914"
        },
        {
          "name": "RHBZ#2370861",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370861"
        },
        {
          "url": "https://github.com/libarchive/libarchive/pull/2598"
        },
        {
          "url": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-06-06T17:58:25.491Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-05-20T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c",
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-190: Integer Overflow or Wraparound"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-5914",
    "datePublished": "2025-06-09T19:53:48.923Z",
    "dateReserved": "2025-06-09T08:10:18.779Z",
    "dateUpdated": "2026-02-05T19:19:48.624Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2025:14828

BDU:2025-10932

CVE-2025-5914 (GCVE-0-2025-5914)

Tags

Sightings

Nomenclature