Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

Untriaged
Filter by:
With package: python311Packages.libarchive-c

Found 5 matching suggestions

View:
Compact
Detailed
Permalink CVE-2025-5914
3.9 LOW
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 10 months ago
Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c

A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.

References

Affected products

rhcos
  • *
libarchive
  • *
  • <3.8.0
rhosdt/jaeger-agent-rhel8
  • *
rhosdt/jaeger-query-rhel8
  • *
rhosdt/jaeger-ingester-rhel8
  • *
rhosdt/jaeger-rhel8-operator
  • *
rhosdt/jaeger-collector-rhel8
  • *
rhosdt/jaeger-operator-bundle
  • *
rhosdt/jaeger-all-in-one-rhel8
  • *
rhosdt/jaeger-es-rollover-rhel8
  • *
discovery/discovery-server-rhel9
  • *
rhosdt/jaeger-es-index-cleaner-rhel8
  • *
web-terminal/web-terminal-tooling-rhel9
  • *
cert-manager/jetstack-cert-manager-rhel9
  • *
web-terminal/web-terminal-rhel9-operator
  • *
openshift-serverless-1/logic-rhel8-operator
  • *
openshift-serverless-1/logic-operator-bundle
  • *
registry.redhat.io/rhosdt/jaeger-agent-rhel8
  • *
registry.redhat.io/rhosdt/jaeger-query-rhel8
  • *
insights-proxy/insights-proxy-container-rhel9
  • *
compliance/openshift-compliance-openscap-rhel8
  • *
compliance/openshift-compliance-rhel8-operator
  • *
openshift-serverless-1/logic-swf-builder-rhel8
  • *
openshift-serverless-1/logic-swf-devmode-rhel8
  • *
registry.redhat.io/rhosdt/jaeger-ingester-rhel8
  • *
registry.redhat.io/rhosdt/jaeger-rhel8-operator
  • *
openshift-sandboxed-containers/osc-monitor-rhel9
  • *
registry.redhat.io/rhosdt/jaeger-collector-rhel8
  • *
registry.redhat.io/rhosdt/jaeger-operator-bundle
  • *
compliance/openshift-compliance-must-gather-rhel8
  • *
openshift-sandboxed-containers/osc-rhel9-operator
  • *
registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8
  • *
compliance/openshift-file-integrity-rhel8-operator
  • *
registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8
  • *
openshift-serverless-1/logic-db-migrator-tool-rhel8
  • *
registry.redhat.io/discovery/discovery-server-rhel9
  • *
openshift-sandboxed-containers/osc-must-gather-rhel9
  • *
openshift-serverless-1/logic-management-console-rhel8
  • *
openshift-sandboxed-containers/osc-podvm-builder-rhel9
  • *
openshift-sandboxed-containers/osc-podvm-payload-rhel9
  • *
openshift-serverless-1/logic-data-index-ephemeral-rhel8
  • *
registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8
  • *
openshift-serverless-1/logic-data-index-postgresql-rhel8
  • *
openshift-serverless-1/logic-jobs-service-ephemeral-rhel8
  • *
openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9
  • *
openshift-serverless-1/logic-jobs-service-postgresql-rhel8
  • *
openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8
  • *
registry.redhat.io/insights-proxy/insights-proxy-container-rhel9
  • *
openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9
  • *
registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9
  • *
registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator
  • *
registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9
  • *
registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9
  • *
registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9
  • *
registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9
  • *
registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9
  • *

Matching in nixpkgs

pkgs.libarchive

Multi-format archive and compression library

pkgs.libarchive-qt

Qt based archiving solution with libarchive backend

Package maintainers

Permalink CVE-2025-5917
2.8 LOW
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 10 months ago
Libarchive: off by one error in build_ustar_entry_name() at archive_write_set_format_pax.c

A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation.

References

Affected products

rhcos
libarchive
  • <3.8.0

Matching in nixpkgs

pkgs.libarchive

Multi-format archive and compression library

pkgs.libarchive-qt

Qt based archiving solution with libarchive backend

Package maintainers

Permalink CVE-2025-5916
3.9 LOW
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 10 months ago
Libarchive: integer overflow while reading warc files at archive_read_support_format_warc.c

A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive.

References

Affected products

rhcos
libarchive
  • <3.8.0

Matching in nixpkgs

pkgs.libarchive

Multi-format archive and compression library

pkgs.libarchive-qt

Qt based archiving solution with libarchive backend

Package maintainers

Permalink CVE-2025-5915
3.9 LOW
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 10 months ago
Libarchive: heap buffer over read in copy_from_lzss_window() at archive_read_support_format_rar.c

A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.

Affected products

rhcos
libarchive
  • <3.8.0

Matching in nixpkgs

pkgs.libarchive

Multi-format archive and compression library

pkgs.libarchive-qt

Qt based archiving solution with libarchive backend

Package maintainers

Permalink CVE-2025-5918
3.9 LOW
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 10 months ago
Libarchive: reading past eof may be triggered for piped file streams

A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.

Affected products

rhcos
libarchive
  • <3.8.0

Matching in nixpkgs

pkgs.libarchive

Multi-format archive and compression library

pkgs.libarchive-qt

Qt based archiving solution with libarchive backend

Package maintainers