{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2025-5914", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2025-06-09T08:10:18.779Z", "datePublished": "2025-06-09T19:53:48.923Z", "dateUpdated": "2026-06-30T10:40:27.148Z" }, "containers": { "cna": { "title": "Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c", "metrics": [ { "other": { "content": { "value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS" } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition." } ], "affected": [ { "versions": [ { "status": "affected", "version": "0", "lessThan": "3.8.0", "versionType": "semver" } ], "packageName": "libarchive", "collectionURL": "https://github.com/libarchive/libarchive/", "defaultStatus": "unaffected" }, { "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libarchive", "defaultStatus": "affected", "versions": [ { "version": "0:3.7.7-4.el10_0", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/o:redhat:enterprise_linux:10.0" ] }, { "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libarchive", "defaultStatus": "affected", "versions": [ { "version": "0:3.1.2-14.el7_9.1", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/o:redhat:rhel_els:7" ] }, { "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libarchive", "defaultStatus": "affected", "versions": [ { "version": "0:3.3.3-6.el8_10", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/o:redhat:enterprise_linux:8::baseos" ] }, { "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libarchive", "defaultStatus": "affected", "versions": [ { "version": "0:3.3.2-8.el8_2.1", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/o:redhat:rhel_aus:8.2::baseos" ] }, { "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libarchive", "defaultStatus": "affected", "versions": [ { "version": "0:3.3.3-1.el8_4.1", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos" ] }, { "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libarchive", "defaultStatus": "affected", "versions": [ { "version": "0:3.3.3-1.el8_4.1", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos" ] }, { "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libarchive", "defaultStatus": "affected", "versions": [ { "version": "0:3.3.3-6.el8_6", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/o:redhat:rhel_aus:8.6::baseos", "cpe:/o:redhat:rhel_e4s:8.6::baseos", "cpe:/o:redhat:rhel_tus:8.6::baseos" ] }, { "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libarchive", "defaultStatus": "affected", "versions": [ { "version": "0:3.3.3-6.el8_6", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/o:redhat:rhel_aus:8.6::baseos", "cpe:/o:redhat:rhel_e4s:8.6::baseos", "cpe:/o:redhat:rhel_tus:8.6::baseos" ] }, { "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libarchive", "defaultStatus": "affected", "versions": [ { "version": "0:3.3.3-6.el8_6", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/o:redhat:rhel_aus:8.6::baseos", "cpe:/o:redhat:rhel_e4s:8.6::baseos", "cpe:/o:redhat:rhel_tus:8.6::baseos" ] }, { "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libarchive", "defaultStatus": "affected", "versions": [ { "version": "0:3.3.3-5.el8_8.1", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/o:redhat:rhel_e4s:8.8::baseos", "cpe:/o:redhat:rhel_tus:8.8::baseos" ] }, { "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libarchive", "defaultStatus": "affected", "versions": [ { "version": "0:3.3.3-5.el8_8.1", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/o:redhat:rhel_e4s:8.8::baseos", "cpe:/o:redhat:rhel_tus:8.8::baseos" ] }, { "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libarchive", "defaultStatus": "affected", "versions": [ { "version": "0:3.5.3-6.el9_6", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos" ] }, { "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libarchive", "defaultStatus": "affected", "versions": [ { "version": "0:3.5.3-6.el9_6", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos" ] }, { "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libarchive", "defaultStatus": "affected", "versions": [ { "version": "0:3.5.3-2.el9_0.1", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:rhel_e4s:9.0::appstream", "cpe:/o:redhat:rhel_e4s:9.0::baseos" ] }, { "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libarchive", "defaultStatus": "affected", "versions": [ { "version": "0:3.5.3-5.el9_2", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:rhel_e4s:9.2::appstream", "cpe:/o:redhat:rhel_e4s:9.2::baseos" ] }, { "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.4 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libarchive", "defaultStatus": "affected", "versions": [ { "version": "0:3.5.3-4.el9_4.1", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:rhel_eus:9.4::appstream", "cpe:/a:redhat:rhel_eus:9.4::crb", "cpe:/o:redhat:rhel_eus:9.4::baseos" ] }, { "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.14", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhcos", "defaultStatus": "affected", "versions": [ { "version": "414.92.202510211419-0", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:openshift:4.14::el9" ] }, { "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.15", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhcos", "defaultStatus": "affected", "versions": [ { "version": "415.92.202601271320-0", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:openshift:4.15::el9" ] }, { "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.16", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhcos", "defaultStatus": "affected", "versions": [ { "version": "416.94.202601071926-0", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:openshift:4.16::el9" ] }, { "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.17", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhcos", "defaultStatus": "affected", "versions": [ { "version": "417.94.202510112152-0", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:openshift:4.17::el9" ] }, { "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.18", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhcos", "defaultStatus": "affected", "versions": [ { "version": "418.94.202510230424-0", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:openshift:4.18::el9" ] }, { "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.19", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhcos", "defaultStatus": "affected", "versions": [ { "version": "4.19.9.6.202510140714-0", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:openshift:4.19::el9" ] }, { "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.20", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhcos", "defaultStatus": "affected", "versions": [ { "version": "4.20.9.6.202509251656-0", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:openshift:4.20::el9" ] }, { "vendor": "Red Hat", "product": "Red Hat Web Terminal 1.11 on RHEL 9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "web-terminal/web-terminal-rhel9-operator", "defaultStatus": "affected", "versions": [ { "version": "1.11-19", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:webterminal:1.11::el9" ] }, { "vendor": "Red Hat", "product": "Red Hat Web Terminal 1.11 on RHEL 9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "web-terminal/web-terminal-tooling-rhel9", "defaultStatus": "affected", "versions": [ { "version": "1.11-8", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:webterminal:1.11::el9" ] }, { "vendor": "Red Hat", "product": "Red Hat Web Terminal 1.12 on RHEL 9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "web-terminal/web-terminal-tooling-rhel9", "defaultStatus": "affected", "versions": [ { "version": "1.12-4", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:webterminal:1.12::el9" ] }, { "vendor": "Red Hat", "product": "RHOSS-1.36-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-serverless-1/logic-data-index-ephemeral-rhel8", "defaultStatus": "affected", "versions": [ { "version": "1.36.0-11", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:openshift_serverless:1.36::el8" ] }, { "vendor": "Red Hat", "product": "RHOSS-1.36-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-serverless-1/logic-data-index-postgresql-rhel8", "defaultStatus": "affected", "versions": [ { "version": "1.36.0-11", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:openshift_serverless:1.36::el8" ] }, { "vendor": "Red Hat", "product": "RHOSS-1.36-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-serverless-1/logic-db-migrator-tool-rhel8", "defaultStatus": "affected", "versions": [ { "version": "1.36.0-11", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:openshift_serverless:1.36::el8" ] }, { "vendor": "Red Hat", "product": "RHOSS-1.36-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8", "defaultStatus": "affected", "versions": [ { "version": "1.36.0-10", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:openshift_serverless:1.36::el8" ] }, { "vendor": "Red Hat", "product": "RHOSS-1.36-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8", "defaultStatus": "affected", "versions": [ { "version": "1.36.0-10", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:openshift_serverless:1.36::el8" ] }, { "vendor": "Red Hat", "product": "RHOSS-1.36-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8", "defaultStatus": "affected", "versions": [ { "version": "1.36.0-4", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:openshift_serverless:1.36::el8" ] }, { "vendor": "Red Hat", "product": "RHOSS-1.36-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-serverless-1/logic-management-console-rhel8", "defaultStatus": "affected", "versions": [ { "version": "1.36.0-9", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:openshift_serverless:1.36::el8" ] }, { "vendor": "Red Hat", "product": "RHOSS-1.36-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-serverless-1/logic-operator-bundle", "defaultStatus": "affected", "versions": [ { "version": "1.36.0-12", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:openshift_serverless:1.36::el8" ] }, { "vendor": "Red Hat", "product": "RHOSS-1.36-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-serverless-1/logic-rhel8-operator", "defaultStatus": "affected", "versions": [ { "version": "1.36.0-18", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:openshift_serverless:1.36::el8" ] }, { "vendor": "Red Hat", "product": "RHOSS-1.36-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-serverless-1/logic-swf-builder-rhel8", "defaultStatus": "affected", "versions": [ { "version": "1.36.0-11", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:openshift_serverless:1.36::el8" ] }, { "vendor": "Red Hat", "product": "RHOSS-1.36-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-serverless-1/logic-swf-devmode-rhel8", "defaultStatus": "affected", "versions": [ { "version": "1.36.0-7", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:openshift_serverless:1.36::el8" ] }, { "vendor": "Red Hat", "product": "cert-manager operator for Red Hat OpenShift 1.16", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "cert-manager/jetstack-cert-manager-rhel9", "defaultStatus": "affected", "versions": [ { "version": "v1.16.5-1760515757", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:cert_manager:1.16::el9" ] }, { "vendor": "Red Hat", "product": "OpenShift Compliance Operator 1", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "compliance/openshift-compliance-must-gather-rhel8", "defaultStatus": "affected", "versions": [ { "version": "1.8.0", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:openshift_compliance_operator:1::el9" ] }, { "vendor": "Red Hat", "product": "OpenShift Compliance Operator 1", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "compliance/openshift-compliance-openscap-rhel8", "defaultStatus": "affected", "versions": [ { "version": "1.8.0", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:openshift_compliance_operator:1::el9" ] }, { "vendor": "Red Hat", "product": "OpenShift Compliance Operator 1", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "compliance/openshift-compliance-rhel8-operator", "defaultStatus": "affected", "versions": [ { "version": "1.8.0", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:openshift_compliance_operator:1::el9" ] }, { "vendor": "Red Hat", "product": "OpenShift File Integrity Operator - FIO 1", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "compliance/openshift-file-integrity-rhel8-operator", "defaultStatus": "affected", "versions": [ { "version": "v1.3", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:openshift_file_integrity_operator:1::el9" ] }, { "vendor": "Red Hat", "product": "Red Hat Discovery 2", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "discovery/discovery-server-rhel9", "defaultStatus": "affected", "versions": [ { "version": "2.2.1-1758555934", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:discovery:2::el9" ] }, { "vendor": "Red Hat", "product": "Red Hat Insights proxy 1.5", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "insights-proxy/insights-proxy-container-rhel9", "defaultStatus": "affected", "versions": [ { "version": "1.5.6-1756187445", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:insights_proxy:1.5::el9" ] }, { "vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.5.1", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhosdt/jaeger-agent-rhel8", "defaultStatus": "affected", "versions": [ { "version": "rhosdt-3.5-1756116455", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8" ] }, { "vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.5.1", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhosdt/jaeger-all-in-one-rhel8", "defaultStatus": "affected", "versions": [ { "version": "rhosdt-3.5-1756116482", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8" ] }, { "vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.5.1", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhosdt/jaeger-collector-rhel8", "defaultStatus": "affected", "versions": [ { "version": "rhosdt-3.5-1756116441", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8" ] }, { "vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.5.1", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhosdt/jaeger-es-index-cleaner-rhel8", "defaultStatus": "affected", "versions": [ { "version": "rhosdt-3.5-1756116449", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8" ] }, { "vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.5.1", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhosdt/jaeger-es-rollover-rhel8", "defaultStatus": "affected", "versions": [ { "version": "rhosdt-3.5-1756116439", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8" ] }, { "vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.5.1", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhosdt/jaeger-ingester-rhel8", "defaultStatus": "affected", "versions": [ { "version": "rhosdt-3.5-1756116447", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8" ] }, { "vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.5.1", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhosdt/jaeger-operator-bundle", "defaultStatus": "affected", "versions": [ { "version": "rhosdt-3.5-1756128595", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8" ] }, { "vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.5.1", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhosdt/jaeger-query-rhel8", "defaultStatus": "affected", "versions": [ { "version": "rhosdt-3.5-1756125872", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8" ] }, { "vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.5.1", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhosdt/jaeger-rhel8-operator", "defaultStatus": "affected", "versions": [ { "version": "rhosdt-3.5-1756116445", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8" ] }, { "vendor": "Red Hat", "product": "Red Hat OpenShift sandboxed containers 1.1", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9", "defaultStatus": "affected", "versions": [ { "version": "1.10.2-1757422110", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:confidential_compute_attestation:1.10::el9" ] }, { "vendor": "Red Hat", "product": "Red Hat OpenShift sandboxed containers 1.1", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9", "defaultStatus": "affected", "versions": [ { "version": "1.10.2-1757421846", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:confidential_compute_attestation:1.10::el9" ] }, { "vendor": "Red Hat", "product": "Red Hat OpenShift sandboxed containers 1.1", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-sandboxed-containers/osc-monitor-rhel9", "defaultStatus": "affected", "versions": [ { "version": "1.10.2-1757421804", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:confidential_compute_attestation:1.10::el9" ] }, { "vendor": "Red Hat", "product": "Red Hat OpenShift sandboxed containers 1.1", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-sandboxed-containers/osc-must-gather-rhel9", "defaultStatus": "affected", "versions": [ { "version": "1.10.2-1757422070", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:confidential_compute_attestation:1.10::el9" ] }, { "vendor": "Red Hat", "product": "Red Hat OpenShift sandboxed containers 1.1", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-sandboxed-containers/osc-podvm-builder-rhel9", "defaultStatus": "affected", "versions": [ { "version": "1.10.2-1757421879", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:confidential_compute_attestation:1.10::el9" ] }, { "vendor": "Red Hat", "product": "Red Hat OpenShift sandboxed containers 1.1", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-sandboxed-containers/osc-podvm-payload-rhel9", "defaultStatus": "affected", "versions": [ { "version": "1.10.2-1757422401", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:confidential_compute_attestation:1.10::el9" ] }, { "vendor": "Red Hat", "product": "Red Hat OpenShift sandboxed containers 1.1", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-sandboxed-containers/osc-rhel9-operator", "defaultStatus": "affected", "versions": [ { "version": "1.10.2-1757421890", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:confidential_compute_attestation:1.10::el9" ] }, { "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libarchive", "defaultStatus": "unknown", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ] } ], "references": [ { "url": "https://access.redhat.com/errata/RHSA-2025:14130", "name": "RHSA-2025:14130", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ] }, { "url": "https://access.redhat.com/errata/RHSA-2025:14135", "name": "RHSA-2025:14135", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ] }, { "url": "https://access.redhat.com/errata/RHSA-2025:14137", "name": "RHSA-2025:14137", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ] }, { "url": "https://access.redhat.com/errata/RHSA-2025:14141", "name": "RHSA-2025:14141", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ] }, { "url": "https://access.redhat.com/errata/RHSA-2025:14142", "name": "RHSA-2025:14142", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ] }, { "url": "https://access.redhat.com/errata/RHSA-2025:14525", "name": "RHSA-2025:14525", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ] }, { "url": "https://access.redhat.com/errata/RHSA-2025:14528", "name": "RHSA-2025:14528", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ] }, { "url": "https://access.redhat.com/errata/RHSA-2025:14594", "name": "RHSA-2025:14594", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ] }, { "url": "https://access.redhat.com/errata/RHSA-2025:14644", "name": "RHSA-2025:14644", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ] }, { "url": "https://access.redhat.com/errata/RHSA-2025:14808", "name": "RHSA-2025:14808", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ] }, { "url": "https://access.redhat.com/errata/RHSA-2025:14810", "name": "RHSA-2025:14810", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ] }, { "url": "https://access.redhat.com/errata/RHSA-2025:14828", "name": "RHSA-2025:14828", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ] }, { "url": "https://access.redhat.com/errata/RHSA-2025:15024", "name": "RHSA-2025:15024", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ] }, { "url": "https://access.redhat.com/errata/RHSA-2025:15397", "name": "RHSA-2025:15397", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ] }, { "url": "https://access.redhat.com/errata/RHSA-2025:15709", "name": "RHSA-2025:15709", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ] }, { "url": "https://access.redhat.com/errata/RHSA-2025:15827", "name": "RHSA-2025:15827", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ] }, { "url": "https://access.redhat.com/errata/RHSA-2025:15828", "name": "RHSA-2025:15828", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ] }, { "url": "https://access.redhat.com/errata/RHSA-2025:16524", "name": "RHSA-2025:16524", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ] }, { "url": "https://access.redhat.com/errata/RHSA-2025:18217", "name": "RHSA-2025:18217", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ] }, { "url": "https://access.redhat.com/errata/RHSA-2025:18218", "name": "RHSA-2025:18218", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ] }, { "url": "https://access.redhat.com/errata/RHSA-2025:18219", "name": "RHSA-2025:18219", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ] }, { "url": "https://access.redhat.com/errata/RHSA-2025:19041", "name": "RHSA-2025:19041", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ] }, { "url": "https://access.redhat.com/errata/RHSA-2025:19046", "name": "RHSA-2025:19046", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ] }, { "url": "https://access.redhat.com/errata/RHSA-2025:21885", "name": "RHSA-2025:21885", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ] }, { "url": "https://access.redhat.com/errata/RHSA-2025:21913", "name": "RHSA-2025:21913", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ] }, { "url": "https://access.redhat.com/errata/RHSA-2026:0326", "name": "RHSA-2026:0326", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ] }, { "url": "https://access.redhat.com/errata/RHSA-2026:0934", "name": "RHSA-2026:0934", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ] }, { "url": "https://access.redhat.com/errata/RHSA-2026:1541", "name": "RHSA-2026:1541", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ] }, { "url": "https://access.redhat.com/security/cve/CVE-2025-5914", "tags": [ "vdb-entry", "x_refsource_REDHAT" ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370861", "name": "RHBZ#2370861", "tags": [ "issue-tracking", "x_refsource_REDHAT" ] }, { "url": "https://github.com/libarchive/libarchive/pull/2598" }, { "url": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" } ], "datePublic": "2025-05-20T00:00:00.000Z", "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "Integer Overflow or Wraparound", "lang": "en", "type": "CWE" } ] } ], "x_redhatCweChain": "CWE-190: Integer Overflow or Wraparound", "timeline": [ { "lang": "en", "time": "2025-06-06T17:58:25.491Z", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2025-05-20T00:00:00.000Z", "value": "Made public." } ], "providerMetadata": { "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-06-30T10:40:27.148Z" }, "x_generator": { "engine": "cvelib 1.8.0" } }, "adp": [ { "references": [ { "url": "https://github.com/libarchive/libarchive/pull/2598", "tags": [ "exploit" ] } ], "metrics": [ { "other": { "type": "ssvc", "content": { "timestamp": "2025-06-10T15:14:35.773233Z", "id": "CVE-2025-5914", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "version": "2.0.3" } } } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-10T15:30:42.589Z" } } ] } }