Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-25724 (GCVE-0-2025-25724)
Vulnerability from cvelistv5
Published
2025-03-02 00:00
Modified
2025-03-04 19:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-252 - Unchecked Return Value
Summary
list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| libarchive | libarchive |
Version: 0 ≤ 3.7.7 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-25724",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-04T19:00:32.541478Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T19:00:41.262Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "libarchive",
"vendor": "libarchive",
"versions": [
{
"lessThanOrEqual": "3.7.7",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.7.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-252",
"description": "CWE-252 Unchecked Return Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-02T01:22:26.132Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Ekkosun/pocs/blob/main/bsdtarbug"
},
{
"url": "https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752"
},
{
"url": "https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-25724",
"datePublished": "2025-03-02T00:00:00.000Z",
"dateReserved": "2025-02-07T00:00:00.000Z",
"dateUpdated": "2025-03-04T19:00:41.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-25724\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2025-03-02T02:15:36.603\",\"lastModified\":\"2025-07-17T15:56:36.083\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.\"},{\"lang\":\"es\",\"value\":\"list_item_verbose en tar/util.c en libarchive hasta 3.7.7 no verifica un valor de retorno de strftime, lo que puede provocar una denegaci\u00f3n de servicio u otro impacto no especificado a trav\u00e9s de un archivo TAR manipulado que se lee con un valor verbose de 2. Por ejemplo, el b\u00fafer de 100 bytes puede no ser suficiente para una configuraci\u00f3n regional personalizada.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L\",\"baseScore\":4.0,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.4,\"impactScore\":2.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-252\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.7.7\",\"matchCriteriaId\":\"BF70A827-B7CB-4155-8FBC-73D52403367C\"}]}]}],\"references\":[{\"url\":\"https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/Ekkosun/pocs/blob/main/bsdtarbug\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-25724\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-04T19:00:32.541478Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-04T19:00:36.589Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 4, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L\"}}], \"affected\": [{\"vendor\": \"libarchive\", \"product\": \"libarchive\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"3.7.7\"}], \"defaultStatus\": \"unknown\"}], \"references\": [{\"url\": \"https://github.com/Ekkosun/pocs/blob/main/bsdtarbug\"}, {\"url\": \"https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752\"}, {\"url\": \"https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92\"}], \"x_generator\": {\"engine\": \"enrichogram 0.0.1\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-252\", \"description\": \"CWE-252 Unchecked Return Value\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndIncluding\": \"3.7.7\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2025-03-02T01:22:26.132Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-25724\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-04T19:00:41.262Z\", \"dateReserved\": \"2025-02-07T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2025-03-02T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
ghsa-722w-734r-qg74
Vulnerability from github
Published
2025-03-02 03:30
Modified
2025-03-02 03:30
Severity ?
VLAI Severity ?
Details
list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.
{
"affected": [],
"aliases": [
"CVE-2025-25724"
],
"database_specific": {
"cwe_ids": [
"CWE-252"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-02T02:15:36Z",
"severity": "MODERATE"
},
"details": "list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.",
"id": "GHSA-722w-734r-qg74",
"modified": "2025-03-02T03:30:31Z",
"published": "2025-03-02T03:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25724"
},
{
"type": "WEB",
"url": "https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92"
},
{
"type": "WEB",
"url": "https://github.com/Ekkosun/pocs/blob/main/bsdtarbug"
},
{
"type": "WEB",
"url": "https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
}
]
}
rhsa-2025:9420
Vulnerability from csaf_redhat
Published
2025-06-24 01:13
Modified
2025-07-29 08:15
Summary
Red Hat Security Advisory: libarchive security update
Notes
Topic
An update for libarchive is now available for Red Hat Enterprise Linux 10.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers.
Security Fix(es):
* libarchive: Buffer Overflow vulnerability in libarchive (CVE-2025-25724)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libarchive is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers.\n\nSecurity Fix(es):\n\n* libarchive: Buffer Overflow vulnerability in libarchive (CVE-2025-25724)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:9420",
"url": "https://access.redhat.com/errata/RHSA-2025:9420"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2349221",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349221"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_9420.json"
}
],
"title": "Red Hat Security Advisory: libarchive security update",
"tracking": {
"current_release_date": "2025-07-29T08:15:49+00:00",
"generator": {
"date": "2025-07-29T08:15:49+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.4"
}
},
"id": "RHSA-2025:9420",
"initial_release_date": "2025-06-24T01:13:14+00:00",
"revision_history": [
{
"date": "2025-06-24T01:13:14+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-06-24T01:13:14+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-07-29T08:15:49+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.0"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.0"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libarchive-0:3.7.7-3.el10_0.src",
"product": {
"name": "libarchive-0:3.7.7-3.el10_0.src",
"product_id": "libarchive-0:3.7.7-3.el10_0.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive@3.7.7-3.el10_0?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libarchive-0:3.7.7-3.el10_0.aarch64",
"product": {
"name": "libarchive-0:3.7.7-3.el10_0.aarch64",
"product_id": "libarchive-0:3.7.7-3.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive@3.7.7-3.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libarchive-debugsource-0:3.7.7-3.el10_0.aarch64",
"product": {
"name": "libarchive-debugsource-0:3.7.7-3.el10_0.aarch64",
"product_id": "libarchive-debugsource-0:3.7.7-3.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debugsource@3.7.7-3.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "bsdcat-debuginfo-0:3.7.7-3.el10_0.aarch64",
"product": {
"name": "bsdcat-debuginfo-0:3.7.7-3.el10_0.aarch64",
"product_id": "bsdcat-debuginfo-0:3.7.7-3.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcat-debuginfo@3.7.7-3.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "bsdcpio-debuginfo-0:3.7.7-3.el10_0.aarch64",
"product": {
"name": "bsdcpio-debuginfo-0:3.7.7-3.el10_0.aarch64",
"product_id": "bsdcpio-debuginfo-0:3.7.7-3.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcpio-debuginfo@3.7.7-3.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "bsdtar-debuginfo-0:3.7.7-3.el10_0.aarch64",
"product": {
"name": "bsdtar-debuginfo-0:3.7.7-3.el10_0.aarch64",
"product_id": "bsdtar-debuginfo-0:3.7.7-3.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdtar-debuginfo@3.7.7-3.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "bsdunzip-debuginfo-0:3.7.7-3.el10_0.aarch64",
"product": {
"name": "bsdunzip-debuginfo-0:3.7.7-3.el10_0.aarch64",
"product_id": "bsdunzip-debuginfo-0:3.7.7-3.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdunzip-debuginfo@3.7.7-3.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libarchive-debuginfo-0:3.7.7-3.el10_0.aarch64",
"product": {
"name": "libarchive-debuginfo-0:3.7.7-3.el10_0.aarch64",
"product_id": "libarchive-debuginfo-0:3.7.7-3.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debuginfo@3.7.7-3.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "bsdtar-0:3.7.7-3.el10_0.aarch64",
"product": {
"name": "bsdtar-0:3.7.7-3.el10_0.aarch64",
"product_id": "bsdtar-0:3.7.7-3.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdtar@3.7.7-3.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libarchive-devel-0:3.7.7-3.el10_0.aarch64",
"product": {
"name": "libarchive-devel-0:3.7.7-3.el10_0.aarch64",
"product_id": "libarchive-devel-0:3.7.7-3.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-devel@3.7.7-3.el10_0?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libarchive-0:3.7.7-3.el10_0.ppc64le",
"product": {
"name": "libarchive-0:3.7.7-3.el10_0.ppc64le",
"product_id": "libarchive-0:3.7.7-3.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive@3.7.7-3.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libarchive-debugsource-0:3.7.7-3.el10_0.ppc64le",
"product": {
"name": "libarchive-debugsource-0:3.7.7-3.el10_0.ppc64le",
"product_id": "libarchive-debugsource-0:3.7.7-3.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debugsource@3.7.7-3.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "bsdcat-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"product": {
"name": "bsdcat-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"product_id": "bsdcat-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcat-debuginfo@3.7.7-3.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "bsdcpio-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"product": {
"name": "bsdcpio-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"product_id": "bsdcpio-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcpio-debuginfo@3.7.7-3.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "bsdtar-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"product": {
"name": "bsdtar-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"product_id": "bsdtar-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdtar-debuginfo@3.7.7-3.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "bsdunzip-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"product": {
"name": "bsdunzip-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"product_id": "bsdunzip-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdunzip-debuginfo@3.7.7-3.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libarchive-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"product": {
"name": "libarchive-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"product_id": "libarchive-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debuginfo@3.7.7-3.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "bsdtar-0:3.7.7-3.el10_0.ppc64le",
"product": {
"name": "bsdtar-0:3.7.7-3.el10_0.ppc64le",
"product_id": "bsdtar-0:3.7.7-3.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdtar@3.7.7-3.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libarchive-devel-0:3.7.7-3.el10_0.ppc64le",
"product": {
"name": "libarchive-devel-0:3.7.7-3.el10_0.ppc64le",
"product_id": "libarchive-devel-0:3.7.7-3.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-devel@3.7.7-3.el10_0?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libarchive-0:3.7.7-3.el10_0.x86_64",
"product": {
"name": "libarchive-0:3.7.7-3.el10_0.x86_64",
"product_id": "libarchive-0:3.7.7-3.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive@3.7.7-3.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libarchive-debugsource-0:3.7.7-3.el10_0.x86_64",
"product": {
"name": "libarchive-debugsource-0:3.7.7-3.el10_0.x86_64",
"product_id": "libarchive-debugsource-0:3.7.7-3.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debugsource@3.7.7-3.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "bsdcat-debuginfo-0:3.7.7-3.el10_0.x86_64",
"product": {
"name": "bsdcat-debuginfo-0:3.7.7-3.el10_0.x86_64",
"product_id": "bsdcat-debuginfo-0:3.7.7-3.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcat-debuginfo@3.7.7-3.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "bsdcpio-debuginfo-0:3.7.7-3.el10_0.x86_64",
"product": {
"name": "bsdcpio-debuginfo-0:3.7.7-3.el10_0.x86_64",
"product_id": "bsdcpio-debuginfo-0:3.7.7-3.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcpio-debuginfo@3.7.7-3.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "bsdtar-debuginfo-0:3.7.7-3.el10_0.x86_64",
"product": {
"name": "bsdtar-debuginfo-0:3.7.7-3.el10_0.x86_64",
"product_id": "bsdtar-debuginfo-0:3.7.7-3.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdtar-debuginfo@3.7.7-3.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "bsdunzip-debuginfo-0:3.7.7-3.el10_0.x86_64",
"product": {
"name": "bsdunzip-debuginfo-0:3.7.7-3.el10_0.x86_64",
"product_id": "bsdunzip-debuginfo-0:3.7.7-3.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdunzip-debuginfo@3.7.7-3.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libarchive-debuginfo-0:3.7.7-3.el10_0.x86_64",
"product": {
"name": "libarchive-debuginfo-0:3.7.7-3.el10_0.x86_64",
"product_id": "libarchive-debuginfo-0:3.7.7-3.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debuginfo@3.7.7-3.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "bsdtar-0:3.7.7-3.el10_0.x86_64",
"product": {
"name": "bsdtar-0:3.7.7-3.el10_0.x86_64",
"product_id": "bsdtar-0:3.7.7-3.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdtar@3.7.7-3.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libarchive-devel-0:3.7.7-3.el10_0.x86_64",
"product": {
"name": "libarchive-devel-0:3.7.7-3.el10_0.x86_64",
"product_id": "libarchive-devel-0:3.7.7-3.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-devel@3.7.7-3.el10_0?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libarchive-0:3.7.7-3.el10_0.s390x",
"product": {
"name": "libarchive-0:3.7.7-3.el10_0.s390x",
"product_id": "libarchive-0:3.7.7-3.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive@3.7.7-3.el10_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libarchive-debugsource-0:3.7.7-3.el10_0.s390x",
"product": {
"name": "libarchive-debugsource-0:3.7.7-3.el10_0.s390x",
"product_id": "libarchive-debugsource-0:3.7.7-3.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debugsource@3.7.7-3.el10_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "bsdcat-debuginfo-0:3.7.7-3.el10_0.s390x",
"product": {
"name": "bsdcat-debuginfo-0:3.7.7-3.el10_0.s390x",
"product_id": "bsdcat-debuginfo-0:3.7.7-3.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcat-debuginfo@3.7.7-3.el10_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "bsdcpio-debuginfo-0:3.7.7-3.el10_0.s390x",
"product": {
"name": "bsdcpio-debuginfo-0:3.7.7-3.el10_0.s390x",
"product_id": "bsdcpio-debuginfo-0:3.7.7-3.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcpio-debuginfo@3.7.7-3.el10_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "bsdtar-debuginfo-0:3.7.7-3.el10_0.s390x",
"product": {
"name": "bsdtar-debuginfo-0:3.7.7-3.el10_0.s390x",
"product_id": "bsdtar-debuginfo-0:3.7.7-3.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdtar-debuginfo@3.7.7-3.el10_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "bsdunzip-debuginfo-0:3.7.7-3.el10_0.s390x",
"product": {
"name": "bsdunzip-debuginfo-0:3.7.7-3.el10_0.s390x",
"product_id": "bsdunzip-debuginfo-0:3.7.7-3.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdunzip-debuginfo@3.7.7-3.el10_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libarchive-debuginfo-0:3.7.7-3.el10_0.s390x",
"product": {
"name": "libarchive-debuginfo-0:3.7.7-3.el10_0.s390x",
"product_id": "libarchive-debuginfo-0:3.7.7-3.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debuginfo@3.7.7-3.el10_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "bsdtar-0:3.7.7-3.el10_0.s390x",
"product": {
"name": "bsdtar-0:3.7.7-3.el10_0.s390x",
"product_id": "bsdtar-0:3.7.7-3.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdtar@3.7.7-3.el10_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libarchive-devel-0:3.7.7-3.el10_0.s390x",
"product": {
"name": "libarchive-devel-0:3.7.7-3.el10_0.s390x",
"product_id": "libarchive-devel-0:3.7.7-3.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-devel@3.7.7-3.el10_0?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcat-debuginfo-0:3.7.7-3.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.aarch64"
},
"product_reference": "bsdcat-debuginfo-0:3.7.7-3.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcat-debuginfo-0:3.7.7-3.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.ppc64le"
},
"product_reference": "bsdcat-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcat-debuginfo-0:3.7.7-3.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.s390x"
},
"product_reference": "bsdcat-debuginfo-0:3.7.7-3.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcat-debuginfo-0:3.7.7-3.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.x86_64"
},
"product_reference": "bsdcat-debuginfo-0:3.7.7-3.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-debuginfo-0:3.7.7-3.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.aarch64"
},
"product_reference": "bsdcpio-debuginfo-0:3.7.7-3.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-debuginfo-0:3.7.7-3.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.ppc64le"
},
"product_reference": "bsdcpio-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-debuginfo-0:3.7.7-3.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.s390x"
},
"product_reference": "bsdcpio-debuginfo-0:3.7.7-3.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-debuginfo-0:3.7.7-3.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.x86_64"
},
"product_reference": "bsdcpio-debuginfo-0:3.7.7-3.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-0:3.7.7-3.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:bsdtar-0:3.7.7-3.el10_0.aarch64"
},
"product_reference": "bsdtar-0:3.7.7-3.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-0:3.7.7-3.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:bsdtar-0:3.7.7-3.el10_0.ppc64le"
},
"product_reference": "bsdtar-0:3.7.7-3.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-0:3.7.7-3.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:bsdtar-0:3.7.7-3.el10_0.s390x"
},
"product_reference": "bsdtar-0:3.7.7-3.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-0:3.7.7-3.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:bsdtar-0:3.7.7-3.el10_0.x86_64"
},
"product_reference": "bsdtar-0:3.7.7-3.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-debuginfo-0:3.7.7-3.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.aarch64"
},
"product_reference": "bsdtar-debuginfo-0:3.7.7-3.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-debuginfo-0:3.7.7-3.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.ppc64le"
},
"product_reference": "bsdtar-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-debuginfo-0:3.7.7-3.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.s390x"
},
"product_reference": "bsdtar-debuginfo-0:3.7.7-3.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-debuginfo-0:3.7.7-3.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.x86_64"
},
"product_reference": "bsdtar-debuginfo-0:3.7.7-3.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdunzip-debuginfo-0:3.7.7-3.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.aarch64"
},
"product_reference": "bsdunzip-debuginfo-0:3.7.7-3.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdunzip-debuginfo-0:3.7.7-3.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.ppc64le"
},
"product_reference": "bsdunzip-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdunzip-debuginfo-0:3.7.7-3.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.s390x"
},
"product_reference": "bsdunzip-debuginfo-0:3.7.7-3.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdunzip-debuginfo-0:3.7.7-3.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.x86_64"
},
"product_reference": "bsdunzip-debuginfo-0:3.7.7-3.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.7.7-3.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libarchive-0:3.7.7-3.el10_0.aarch64"
},
"product_reference": "libarchive-0:3.7.7-3.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.7.7-3.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libarchive-0:3.7.7-3.el10_0.ppc64le"
},
"product_reference": "libarchive-0:3.7.7-3.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.7.7-3.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libarchive-0:3.7.7-3.el10_0.s390x"
},
"product_reference": "libarchive-0:3.7.7-3.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.7.7-3.el10_0.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libarchive-0:3.7.7-3.el10_0.src"
},
"product_reference": "libarchive-0:3.7.7-3.el10_0.src",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.7.7-3.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libarchive-0:3.7.7-3.el10_0.x86_64"
},
"product_reference": "libarchive-0:3.7.7-3.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.7.7-3.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.aarch64"
},
"product_reference": "libarchive-debuginfo-0:3.7.7-3.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.7.7-3.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.ppc64le"
},
"product_reference": "libarchive-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.7.7-3.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.s390x"
},
"product_reference": "libarchive-debuginfo-0:3.7.7-3.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.7.7-3.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.x86_64"
},
"product_reference": "libarchive-debuginfo-0:3.7.7-3.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debugsource-0:3.7.7-3.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.aarch64"
},
"product_reference": "libarchive-debugsource-0:3.7.7-3.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debugsource-0:3.7.7-3.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.ppc64le"
},
"product_reference": "libarchive-debugsource-0:3.7.7-3.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debugsource-0:3.7.7-3.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.s390x"
},
"product_reference": "libarchive-debugsource-0:3.7.7-3.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debugsource-0:3.7.7-3.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.x86_64"
},
"product_reference": "libarchive-debugsource-0:3.7.7-3.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-0:3.7.7-3.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.aarch64"
},
"product_reference": "libarchive-devel-0:3.7.7-3.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-0:3.7.7-3.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.ppc64le"
},
"product_reference": "libarchive-devel-0:3.7.7-3.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-0:3.7.7-3.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.s390x"
},
"product_reference": "libarchive-devel-0:3.7.7-3.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-0:3.7.7-3.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.x86_64"
},
"product_reference": "libarchive-devel-0:3.7.7-3.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcat-debuginfo-0:3.7.7-3.el10_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.aarch64"
},
"product_reference": "bsdcat-debuginfo-0:3.7.7-3.el10_0.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcat-debuginfo-0:3.7.7-3.el10_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.ppc64le"
},
"product_reference": "bsdcat-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcat-debuginfo-0:3.7.7-3.el10_0.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.s390x"
},
"product_reference": "bsdcat-debuginfo-0:3.7.7-3.el10_0.s390x",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcat-debuginfo-0:3.7.7-3.el10_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.x86_64"
},
"product_reference": "bsdcat-debuginfo-0:3.7.7-3.el10_0.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-debuginfo-0:3.7.7-3.el10_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.aarch64"
},
"product_reference": "bsdcpio-debuginfo-0:3.7.7-3.el10_0.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-debuginfo-0:3.7.7-3.el10_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.ppc64le"
},
"product_reference": "bsdcpio-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-debuginfo-0:3.7.7-3.el10_0.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.s390x"
},
"product_reference": "bsdcpio-debuginfo-0:3.7.7-3.el10_0.s390x",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-debuginfo-0:3.7.7-3.el10_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.x86_64"
},
"product_reference": "bsdcpio-debuginfo-0:3.7.7-3.el10_0.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-0:3.7.7-3.el10_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:bsdtar-0:3.7.7-3.el10_0.aarch64"
},
"product_reference": "bsdtar-0:3.7.7-3.el10_0.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-0:3.7.7-3.el10_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:bsdtar-0:3.7.7-3.el10_0.ppc64le"
},
"product_reference": "bsdtar-0:3.7.7-3.el10_0.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-0:3.7.7-3.el10_0.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:bsdtar-0:3.7.7-3.el10_0.s390x"
},
"product_reference": "bsdtar-0:3.7.7-3.el10_0.s390x",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-0:3.7.7-3.el10_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:bsdtar-0:3.7.7-3.el10_0.x86_64"
},
"product_reference": "bsdtar-0:3.7.7-3.el10_0.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-debuginfo-0:3.7.7-3.el10_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.aarch64"
},
"product_reference": "bsdtar-debuginfo-0:3.7.7-3.el10_0.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-debuginfo-0:3.7.7-3.el10_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.ppc64le"
},
"product_reference": "bsdtar-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-debuginfo-0:3.7.7-3.el10_0.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.s390x"
},
"product_reference": "bsdtar-debuginfo-0:3.7.7-3.el10_0.s390x",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-debuginfo-0:3.7.7-3.el10_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.x86_64"
},
"product_reference": "bsdtar-debuginfo-0:3.7.7-3.el10_0.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdunzip-debuginfo-0:3.7.7-3.el10_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.aarch64"
},
"product_reference": "bsdunzip-debuginfo-0:3.7.7-3.el10_0.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdunzip-debuginfo-0:3.7.7-3.el10_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.ppc64le"
},
"product_reference": "bsdunzip-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdunzip-debuginfo-0:3.7.7-3.el10_0.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.s390x"
},
"product_reference": "bsdunzip-debuginfo-0:3.7.7-3.el10_0.s390x",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdunzip-debuginfo-0:3.7.7-3.el10_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.x86_64"
},
"product_reference": "bsdunzip-debuginfo-0:3.7.7-3.el10_0.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.7.7-3.el10_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libarchive-0:3.7.7-3.el10_0.aarch64"
},
"product_reference": "libarchive-0:3.7.7-3.el10_0.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.7.7-3.el10_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libarchive-0:3.7.7-3.el10_0.ppc64le"
},
"product_reference": "libarchive-0:3.7.7-3.el10_0.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.7.7-3.el10_0.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libarchive-0:3.7.7-3.el10_0.s390x"
},
"product_reference": "libarchive-0:3.7.7-3.el10_0.s390x",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.7.7-3.el10_0.src as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libarchive-0:3.7.7-3.el10_0.src"
},
"product_reference": "libarchive-0:3.7.7-3.el10_0.src",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.7.7-3.el10_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libarchive-0:3.7.7-3.el10_0.x86_64"
},
"product_reference": "libarchive-0:3.7.7-3.el10_0.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.7.7-3.el10_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.aarch64"
},
"product_reference": "libarchive-debuginfo-0:3.7.7-3.el10_0.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.7.7-3.el10_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.ppc64le"
},
"product_reference": "libarchive-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.7.7-3.el10_0.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.s390x"
},
"product_reference": "libarchive-debuginfo-0:3.7.7-3.el10_0.s390x",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.7.7-3.el10_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.x86_64"
},
"product_reference": "libarchive-debuginfo-0:3.7.7-3.el10_0.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debugsource-0:3.7.7-3.el10_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.aarch64"
},
"product_reference": "libarchive-debugsource-0:3.7.7-3.el10_0.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debugsource-0:3.7.7-3.el10_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.ppc64le"
},
"product_reference": "libarchive-debugsource-0:3.7.7-3.el10_0.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debugsource-0:3.7.7-3.el10_0.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.s390x"
},
"product_reference": "libarchive-debugsource-0:3.7.7-3.el10_0.s390x",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debugsource-0:3.7.7-3.el10_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.x86_64"
},
"product_reference": "libarchive-debugsource-0:3.7.7-3.el10_0.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-0:3.7.7-3.el10_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.aarch64"
},
"product_reference": "libarchive-devel-0:3.7.7-3.el10_0.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-0:3.7.7-3.el10_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.ppc64le"
},
"product_reference": "libarchive-devel-0:3.7.7-3.el10_0.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-0:3.7.7-3.el10_0.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.s390x"
},
"product_reference": "libarchive-devel-0:3.7.7-3.el10_0.s390x",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-0:3.7.7-3.el10_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.x86_64"
},
"product_reference": "libarchive-devel-0:3.7.7-3.el10_0.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-25724",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"discovery_date": "2025-03-02T02:00:39.907582+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2349221"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libarchive package. Affected versions of libarchive do not check a strftime return value, which can lead to a denial of service or unspecified other impacts via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libarchive: Buffer Overflow vulnerability in libarchive",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-252: Unchecked Return Value vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nReturn values from critical operations are consistently evaluated through enforced development standards and automated static analysis, reducing the likelihood of logic flaws or silent failures reaching production. Error-handling routines are integrated into application behavior to ensure that failures are properly logged, traced, and contained, maintaining system stability under fault conditions. Additionally, the platform is designed to respond to errors predictably, preventing uncontrolled behavior and ensuring that processes fail in a known, recoverable state.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.aarch64",
"AppStream-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"AppStream-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.s390x",
"AppStream-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.x86_64",
"AppStream-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.aarch64",
"AppStream-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"AppStream-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.s390x",
"AppStream-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.x86_64",
"AppStream-10.0.Z:bsdtar-0:3.7.7-3.el10_0.aarch64",
"AppStream-10.0.Z:bsdtar-0:3.7.7-3.el10_0.ppc64le",
"AppStream-10.0.Z:bsdtar-0:3.7.7-3.el10_0.s390x",
"AppStream-10.0.Z:bsdtar-0:3.7.7-3.el10_0.x86_64",
"AppStream-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.aarch64",
"AppStream-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"AppStream-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.s390x",
"AppStream-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.x86_64",
"AppStream-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.aarch64",
"AppStream-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"AppStream-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.s390x",
"AppStream-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.x86_64",
"AppStream-10.0.Z:libarchive-0:3.7.7-3.el10_0.aarch64",
"AppStream-10.0.Z:libarchive-0:3.7.7-3.el10_0.ppc64le",
"AppStream-10.0.Z:libarchive-0:3.7.7-3.el10_0.s390x",
"AppStream-10.0.Z:libarchive-0:3.7.7-3.el10_0.src",
"AppStream-10.0.Z:libarchive-0:3.7.7-3.el10_0.x86_64",
"AppStream-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.aarch64",
"AppStream-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"AppStream-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.s390x",
"AppStream-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.x86_64",
"AppStream-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.aarch64",
"AppStream-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.ppc64le",
"AppStream-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.s390x",
"AppStream-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.x86_64",
"AppStream-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.aarch64",
"AppStream-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.ppc64le",
"AppStream-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.s390x",
"AppStream-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.x86_64",
"BaseOS-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.aarch64",
"BaseOS-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"BaseOS-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.s390x",
"BaseOS-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.x86_64",
"BaseOS-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.aarch64",
"BaseOS-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"BaseOS-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.s390x",
"BaseOS-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.x86_64",
"BaseOS-10.0.Z:bsdtar-0:3.7.7-3.el10_0.aarch64",
"BaseOS-10.0.Z:bsdtar-0:3.7.7-3.el10_0.ppc64le",
"BaseOS-10.0.Z:bsdtar-0:3.7.7-3.el10_0.s390x",
"BaseOS-10.0.Z:bsdtar-0:3.7.7-3.el10_0.x86_64",
"BaseOS-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.aarch64",
"BaseOS-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"BaseOS-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.s390x",
"BaseOS-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.x86_64",
"BaseOS-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.aarch64",
"BaseOS-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"BaseOS-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.s390x",
"BaseOS-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.x86_64",
"BaseOS-10.0.Z:libarchive-0:3.7.7-3.el10_0.aarch64",
"BaseOS-10.0.Z:libarchive-0:3.7.7-3.el10_0.ppc64le",
"BaseOS-10.0.Z:libarchive-0:3.7.7-3.el10_0.s390x",
"BaseOS-10.0.Z:libarchive-0:3.7.7-3.el10_0.src",
"BaseOS-10.0.Z:libarchive-0:3.7.7-3.el10_0.x86_64",
"BaseOS-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.aarch64",
"BaseOS-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"BaseOS-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.s390x",
"BaseOS-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.x86_64",
"BaseOS-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.aarch64",
"BaseOS-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.ppc64le",
"BaseOS-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.s390x",
"BaseOS-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.x86_64",
"BaseOS-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.aarch64",
"BaseOS-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.ppc64le",
"BaseOS-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.s390x",
"BaseOS-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-25724"
},
{
"category": "external",
"summary": "RHBZ#2349221",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349221"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-25724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25724"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-25724",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25724"
},
{
"category": "external",
"summary": "https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92",
"url": "https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92"
},
{
"category": "external",
"summary": "https://github.com/Ekkosun/pocs/blob/main/bsdtarbug",
"url": "https://github.com/Ekkosun/pocs/blob/main/bsdtarbug"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752",
"url": "https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752"
}
],
"release_date": "2025-03-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-24T01:13:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.aarch64",
"AppStream-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"AppStream-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.s390x",
"AppStream-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.x86_64",
"AppStream-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.aarch64",
"AppStream-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"AppStream-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.s390x",
"AppStream-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.x86_64",
"AppStream-10.0.Z:bsdtar-0:3.7.7-3.el10_0.aarch64",
"AppStream-10.0.Z:bsdtar-0:3.7.7-3.el10_0.ppc64le",
"AppStream-10.0.Z:bsdtar-0:3.7.7-3.el10_0.s390x",
"AppStream-10.0.Z:bsdtar-0:3.7.7-3.el10_0.x86_64",
"AppStream-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.aarch64",
"AppStream-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"AppStream-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.s390x",
"AppStream-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.x86_64",
"AppStream-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.aarch64",
"AppStream-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"AppStream-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.s390x",
"AppStream-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.x86_64",
"AppStream-10.0.Z:libarchive-0:3.7.7-3.el10_0.aarch64",
"AppStream-10.0.Z:libarchive-0:3.7.7-3.el10_0.ppc64le",
"AppStream-10.0.Z:libarchive-0:3.7.7-3.el10_0.s390x",
"AppStream-10.0.Z:libarchive-0:3.7.7-3.el10_0.src",
"AppStream-10.0.Z:libarchive-0:3.7.7-3.el10_0.x86_64",
"AppStream-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.aarch64",
"AppStream-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"AppStream-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.s390x",
"AppStream-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.x86_64",
"AppStream-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.aarch64",
"AppStream-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.ppc64le",
"AppStream-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.s390x",
"AppStream-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.x86_64",
"AppStream-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.aarch64",
"AppStream-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.ppc64le",
"AppStream-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.s390x",
"AppStream-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.x86_64",
"BaseOS-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.aarch64",
"BaseOS-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"BaseOS-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.s390x",
"BaseOS-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.x86_64",
"BaseOS-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.aarch64",
"BaseOS-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"BaseOS-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.s390x",
"BaseOS-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.x86_64",
"BaseOS-10.0.Z:bsdtar-0:3.7.7-3.el10_0.aarch64",
"BaseOS-10.0.Z:bsdtar-0:3.7.7-3.el10_0.ppc64le",
"BaseOS-10.0.Z:bsdtar-0:3.7.7-3.el10_0.s390x",
"BaseOS-10.0.Z:bsdtar-0:3.7.7-3.el10_0.x86_64",
"BaseOS-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.aarch64",
"BaseOS-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"BaseOS-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.s390x",
"BaseOS-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.x86_64",
"BaseOS-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.aarch64",
"BaseOS-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"BaseOS-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.s390x",
"BaseOS-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.x86_64",
"BaseOS-10.0.Z:libarchive-0:3.7.7-3.el10_0.aarch64",
"BaseOS-10.0.Z:libarchive-0:3.7.7-3.el10_0.ppc64le",
"BaseOS-10.0.Z:libarchive-0:3.7.7-3.el10_0.s390x",
"BaseOS-10.0.Z:libarchive-0:3.7.7-3.el10_0.src",
"BaseOS-10.0.Z:libarchive-0:3.7.7-3.el10_0.x86_64",
"BaseOS-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.aarch64",
"BaseOS-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"BaseOS-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.s390x",
"BaseOS-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.x86_64",
"BaseOS-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.aarch64",
"BaseOS-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.ppc64le",
"BaseOS-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.s390x",
"BaseOS-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.x86_64",
"BaseOS-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.aarch64",
"BaseOS-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.ppc64le",
"BaseOS-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.s390x",
"BaseOS-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9420"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.aarch64",
"AppStream-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"AppStream-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.s390x",
"AppStream-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.x86_64",
"AppStream-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.aarch64",
"AppStream-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"AppStream-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.s390x",
"AppStream-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.x86_64",
"AppStream-10.0.Z:bsdtar-0:3.7.7-3.el10_0.aarch64",
"AppStream-10.0.Z:bsdtar-0:3.7.7-3.el10_0.ppc64le",
"AppStream-10.0.Z:bsdtar-0:3.7.7-3.el10_0.s390x",
"AppStream-10.0.Z:bsdtar-0:3.7.7-3.el10_0.x86_64",
"AppStream-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.aarch64",
"AppStream-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"AppStream-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.s390x",
"AppStream-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.x86_64",
"AppStream-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.aarch64",
"AppStream-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"AppStream-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.s390x",
"AppStream-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.x86_64",
"AppStream-10.0.Z:libarchive-0:3.7.7-3.el10_0.aarch64",
"AppStream-10.0.Z:libarchive-0:3.7.7-3.el10_0.ppc64le",
"AppStream-10.0.Z:libarchive-0:3.7.7-3.el10_0.s390x",
"AppStream-10.0.Z:libarchive-0:3.7.7-3.el10_0.src",
"AppStream-10.0.Z:libarchive-0:3.7.7-3.el10_0.x86_64",
"AppStream-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.aarch64",
"AppStream-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"AppStream-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.s390x",
"AppStream-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.x86_64",
"AppStream-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.aarch64",
"AppStream-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.ppc64le",
"AppStream-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.s390x",
"AppStream-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.x86_64",
"AppStream-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.aarch64",
"AppStream-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.ppc64le",
"AppStream-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.s390x",
"AppStream-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.x86_64",
"BaseOS-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.aarch64",
"BaseOS-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"BaseOS-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.s390x",
"BaseOS-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.x86_64",
"BaseOS-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.aarch64",
"BaseOS-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"BaseOS-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.s390x",
"BaseOS-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.x86_64",
"BaseOS-10.0.Z:bsdtar-0:3.7.7-3.el10_0.aarch64",
"BaseOS-10.0.Z:bsdtar-0:3.7.7-3.el10_0.ppc64le",
"BaseOS-10.0.Z:bsdtar-0:3.7.7-3.el10_0.s390x",
"BaseOS-10.0.Z:bsdtar-0:3.7.7-3.el10_0.x86_64",
"BaseOS-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.aarch64",
"BaseOS-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"BaseOS-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.s390x",
"BaseOS-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.x86_64",
"BaseOS-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.aarch64",
"BaseOS-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"BaseOS-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.s390x",
"BaseOS-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.x86_64",
"BaseOS-10.0.Z:libarchive-0:3.7.7-3.el10_0.aarch64",
"BaseOS-10.0.Z:libarchive-0:3.7.7-3.el10_0.ppc64le",
"BaseOS-10.0.Z:libarchive-0:3.7.7-3.el10_0.s390x",
"BaseOS-10.0.Z:libarchive-0:3.7.7-3.el10_0.src",
"BaseOS-10.0.Z:libarchive-0:3.7.7-3.el10_0.x86_64",
"BaseOS-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.aarch64",
"BaseOS-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"BaseOS-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.s390x",
"BaseOS-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.x86_64",
"BaseOS-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.aarch64",
"BaseOS-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.ppc64le",
"BaseOS-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.s390x",
"BaseOS-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.x86_64",
"BaseOS-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.aarch64",
"BaseOS-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.ppc64le",
"BaseOS-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.s390x",
"BaseOS-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libarchive: Buffer Overflow vulnerability in libarchive"
}
]
}
rhsa-2025:9431
Vulnerability from csaf_redhat
Published
2025-06-24 06:58
Modified
2025-07-29 08:15
Summary
Red Hat Security Advisory: libarchive security update
Notes
Topic
An update for libarchive is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers.
Security Fix(es):
* libarchive: Buffer Overflow vulnerability in libarchive (CVE-2025-25724)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libarchive is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers.\n\nSecurity Fix(es):\n\n* libarchive: Buffer Overflow vulnerability in libarchive (CVE-2025-25724)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:9431",
"url": "https://access.redhat.com/errata/RHSA-2025:9431"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2349221",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349221"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_9431.json"
}
],
"title": "Red Hat Security Advisory: libarchive security update",
"tracking": {
"current_release_date": "2025-07-29T08:15:58+00:00",
"generator": {
"date": "2025-07-29T08:15:58+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.4"
}
},
"id": "RHSA-2025:9431",
"initial_release_date": "2025-06-24T06:58:35+00:00",
"revision_history": [
{
"date": "2025-06-24T06:58:35+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-06-24T06:58:35+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-07-29T08:15:58+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:9::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-0:3.5.3-5.el9_6.aarch64",
"product": {
"name": "bsdtar-0:3.5.3-5.el9_6.aarch64",
"product_id": "bsdtar-0:3.5.3-5.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdtar@3.5.3-5.el9_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libarchive-devel-0:3.5.3-5.el9_6.aarch64",
"product": {
"name": "libarchive-devel-0:3.5.3-5.el9_6.aarch64",
"product_id": "libarchive-devel-0:3.5.3-5.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-devel@3.5.3-5.el9_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libarchive-debugsource-0:3.5.3-5.el9_6.aarch64",
"product": {
"name": "libarchive-debugsource-0:3.5.3-5.el9_6.aarch64",
"product_id": "libarchive-debugsource-0:3.5.3-5.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debugsource@3.5.3-5.el9_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "bsdcat-debuginfo-0:3.5.3-5.el9_6.aarch64",
"product": {
"name": "bsdcat-debuginfo-0:3.5.3-5.el9_6.aarch64",
"product_id": "bsdcat-debuginfo-0:3.5.3-5.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcat-debuginfo@3.5.3-5.el9_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.aarch64",
"product": {
"name": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.aarch64",
"product_id": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcpio-debuginfo@3.5.3-5.el9_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "bsdtar-debuginfo-0:3.5.3-5.el9_6.aarch64",
"product": {
"name": "bsdtar-debuginfo-0:3.5.3-5.el9_6.aarch64",
"product_id": "bsdtar-debuginfo-0:3.5.3-5.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdtar-debuginfo@3.5.3-5.el9_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libarchive-debuginfo-0:3.5.3-5.el9_6.aarch64",
"product": {
"name": "libarchive-debuginfo-0:3.5.3-5.el9_6.aarch64",
"product_id": "libarchive-debuginfo-0:3.5.3-5.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debuginfo@3.5.3-5.el9_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libarchive-0:3.5.3-5.el9_6.aarch64",
"product": {
"name": "libarchive-0:3.5.3-5.el9_6.aarch64",
"product_id": "libarchive-0:3.5.3-5.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-0:3.5.3-5.el9_6.ppc64le",
"product": {
"name": "bsdtar-0:3.5.3-5.el9_6.ppc64le",
"product_id": "bsdtar-0:3.5.3-5.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdtar@3.5.3-5.el9_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libarchive-devel-0:3.5.3-5.el9_6.ppc64le",
"product": {
"name": "libarchive-devel-0:3.5.3-5.el9_6.ppc64le",
"product_id": "libarchive-devel-0:3.5.3-5.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-devel@3.5.3-5.el9_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libarchive-debugsource-0:3.5.3-5.el9_6.ppc64le",
"product": {
"name": "libarchive-debugsource-0:3.5.3-5.el9_6.ppc64le",
"product_id": "libarchive-debugsource-0:3.5.3-5.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debugsource@3.5.3-5.el9_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "bsdcat-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"product": {
"name": "bsdcat-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"product_id": "bsdcat-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcat-debuginfo@3.5.3-5.el9_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"product": {
"name": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"product_id": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcpio-debuginfo@3.5.3-5.el9_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "bsdtar-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"product": {
"name": "bsdtar-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"product_id": "bsdtar-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdtar-debuginfo@3.5.3-5.el9_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libarchive-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"product": {
"name": "libarchive-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"product_id": "libarchive-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debuginfo@3.5.3-5.el9_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libarchive-0:3.5.3-5.el9_6.ppc64le",
"product": {
"name": "libarchive-0:3.5.3-5.el9_6.ppc64le",
"product_id": "libarchive-0:3.5.3-5.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-0:3.5.3-5.el9_6.x86_64",
"product": {
"name": "bsdtar-0:3.5.3-5.el9_6.x86_64",
"product_id": "bsdtar-0:3.5.3-5.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdtar@3.5.3-5.el9_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libarchive-devel-0:3.5.3-5.el9_6.x86_64",
"product": {
"name": "libarchive-devel-0:3.5.3-5.el9_6.x86_64",
"product_id": "libarchive-devel-0:3.5.3-5.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-devel@3.5.3-5.el9_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libarchive-debugsource-0:3.5.3-5.el9_6.x86_64",
"product": {
"name": "libarchive-debugsource-0:3.5.3-5.el9_6.x86_64",
"product_id": "libarchive-debugsource-0:3.5.3-5.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debugsource@3.5.3-5.el9_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "bsdcat-debuginfo-0:3.5.3-5.el9_6.x86_64",
"product": {
"name": "bsdcat-debuginfo-0:3.5.3-5.el9_6.x86_64",
"product_id": "bsdcat-debuginfo-0:3.5.3-5.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcat-debuginfo@3.5.3-5.el9_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.x86_64",
"product": {
"name": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.x86_64",
"product_id": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcpio-debuginfo@3.5.3-5.el9_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "bsdtar-debuginfo-0:3.5.3-5.el9_6.x86_64",
"product": {
"name": "bsdtar-debuginfo-0:3.5.3-5.el9_6.x86_64",
"product_id": "bsdtar-debuginfo-0:3.5.3-5.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdtar-debuginfo@3.5.3-5.el9_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libarchive-debuginfo-0:3.5.3-5.el9_6.x86_64",
"product": {
"name": "libarchive-debuginfo-0:3.5.3-5.el9_6.x86_64",
"product_id": "libarchive-debuginfo-0:3.5.3-5.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debuginfo@3.5.3-5.el9_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libarchive-0:3.5.3-5.el9_6.x86_64",
"product": {
"name": "libarchive-0:3.5.3-5.el9_6.x86_64",
"product_id": "libarchive-0:3.5.3-5.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libarchive-devel-0:3.5.3-5.el9_6.i686",
"product": {
"name": "libarchive-devel-0:3.5.3-5.el9_6.i686",
"product_id": "libarchive-devel-0:3.5.3-5.el9_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-devel@3.5.3-5.el9_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libarchive-debugsource-0:3.5.3-5.el9_6.i686",
"product": {
"name": "libarchive-debugsource-0:3.5.3-5.el9_6.i686",
"product_id": "libarchive-debugsource-0:3.5.3-5.el9_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debugsource@3.5.3-5.el9_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "bsdcat-debuginfo-0:3.5.3-5.el9_6.i686",
"product": {
"name": "bsdcat-debuginfo-0:3.5.3-5.el9_6.i686",
"product_id": "bsdcat-debuginfo-0:3.5.3-5.el9_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcat-debuginfo@3.5.3-5.el9_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.i686",
"product": {
"name": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.i686",
"product_id": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcpio-debuginfo@3.5.3-5.el9_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "bsdtar-debuginfo-0:3.5.3-5.el9_6.i686",
"product": {
"name": "bsdtar-debuginfo-0:3.5.3-5.el9_6.i686",
"product_id": "bsdtar-debuginfo-0:3.5.3-5.el9_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdtar-debuginfo@3.5.3-5.el9_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libarchive-debuginfo-0:3.5.3-5.el9_6.i686",
"product": {
"name": "libarchive-debuginfo-0:3.5.3-5.el9_6.i686",
"product_id": "libarchive-debuginfo-0:3.5.3-5.el9_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debuginfo@3.5.3-5.el9_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libarchive-0:3.5.3-5.el9_6.i686",
"product": {
"name": "libarchive-0:3.5.3-5.el9_6.i686",
"product_id": "libarchive-0:3.5.3-5.el9_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-0:3.5.3-5.el9_6.s390x",
"product": {
"name": "bsdtar-0:3.5.3-5.el9_6.s390x",
"product_id": "bsdtar-0:3.5.3-5.el9_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdtar@3.5.3-5.el9_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libarchive-devel-0:3.5.3-5.el9_6.s390x",
"product": {
"name": "libarchive-devel-0:3.5.3-5.el9_6.s390x",
"product_id": "libarchive-devel-0:3.5.3-5.el9_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-devel@3.5.3-5.el9_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libarchive-debugsource-0:3.5.3-5.el9_6.s390x",
"product": {
"name": "libarchive-debugsource-0:3.5.3-5.el9_6.s390x",
"product_id": "libarchive-debugsource-0:3.5.3-5.el9_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debugsource@3.5.3-5.el9_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "bsdcat-debuginfo-0:3.5.3-5.el9_6.s390x",
"product": {
"name": "bsdcat-debuginfo-0:3.5.3-5.el9_6.s390x",
"product_id": "bsdcat-debuginfo-0:3.5.3-5.el9_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcat-debuginfo@3.5.3-5.el9_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.s390x",
"product": {
"name": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.s390x",
"product_id": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcpio-debuginfo@3.5.3-5.el9_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "bsdtar-debuginfo-0:3.5.3-5.el9_6.s390x",
"product": {
"name": "bsdtar-debuginfo-0:3.5.3-5.el9_6.s390x",
"product_id": "bsdtar-debuginfo-0:3.5.3-5.el9_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdtar-debuginfo@3.5.3-5.el9_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libarchive-debuginfo-0:3.5.3-5.el9_6.s390x",
"product": {
"name": "libarchive-debuginfo-0:3.5.3-5.el9_6.s390x",
"product_id": "libarchive-debuginfo-0:3.5.3-5.el9_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debuginfo@3.5.3-5.el9_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libarchive-0:3.5.3-5.el9_6.s390x",
"product": {
"name": "libarchive-0:3.5.3-5.el9_6.s390x",
"product_id": "libarchive-0:3.5.3-5.el9_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libarchive-0:3.5.3-5.el9_6.src",
"product": {
"name": "libarchive-0:3.5.3-5.el9_6.src",
"product_id": "libarchive-0:3.5.3-5.el9_6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcat-debuginfo-0:3.5.3-5.el9_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.aarch64"
},
"product_reference": "bsdcat-debuginfo-0:3.5.3-5.el9_6.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcat-debuginfo-0:3.5.3-5.el9_6.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.i686"
},
"product_reference": "bsdcat-debuginfo-0:3.5.3-5.el9_6.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcat-debuginfo-0:3.5.3-5.el9_6.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.ppc64le"
},
"product_reference": "bsdcat-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcat-debuginfo-0:3.5.3-5.el9_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.s390x"
},
"product_reference": "bsdcat-debuginfo-0:3.5.3-5.el9_6.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcat-debuginfo-0:3.5.3-5.el9_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.x86_64"
},
"product_reference": "bsdcat-debuginfo-0:3.5.3-5.el9_6.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.aarch64"
},
"product_reference": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.i686"
},
"product_reference": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.ppc64le"
},
"product_reference": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.s390x"
},
"product_reference": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.x86_64"
},
"product_reference": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-0:3.5.3-5.el9_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.aarch64"
},
"product_reference": "bsdtar-0:3.5.3-5.el9_6.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-0:3.5.3-5.el9_6.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.ppc64le"
},
"product_reference": "bsdtar-0:3.5.3-5.el9_6.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-0:3.5.3-5.el9_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.s390x"
},
"product_reference": "bsdtar-0:3.5.3-5.el9_6.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-0:3.5.3-5.el9_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.x86_64"
},
"product_reference": "bsdtar-0:3.5.3-5.el9_6.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-debuginfo-0:3.5.3-5.el9_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.aarch64"
},
"product_reference": "bsdtar-debuginfo-0:3.5.3-5.el9_6.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-debuginfo-0:3.5.3-5.el9_6.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.i686"
},
"product_reference": "bsdtar-debuginfo-0:3.5.3-5.el9_6.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-debuginfo-0:3.5.3-5.el9_6.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.ppc64le"
},
"product_reference": "bsdtar-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-debuginfo-0:3.5.3-5.el9_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.s390x"
},
"product_reference": "bsdtar-debuginfo-0:3.5.3-5.el9_6.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-debuginfo-0:3.5.3-5.el9_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.x86_64"
},
"product_reference": "bsdtar-debuginfo-0:3.5.3-5.el9_6.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.5.3-5.el9_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.aarch64"
},
"product_reference": "libarchive-0:3.5.3-5.el9_6.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.5.3-5.el9_6.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.i686"
},
"product_reference": "libarchive-0:3.5.3-5.el9_6.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.5.3-5.el9_6.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.ppc64le"
},
"product_reference": "libarchive-0:3.5.3-5.el9_6.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.5.3-5.el9_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.s390x"
},
"product_reference": "libarchive-0:3.5.3-5.el9_6.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.5.3-5.el9_6.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.src"
},
"product_reference": "libarchive-0:3.5.3-5.el9_6.src",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.5.3-5.el9_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.x86_64"
},
"product_reference": "libarchive-0:3.5.3-5.el9_6.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.5.3-5.el9_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.aarch64"
},
"product_reference": "libarchive-debuginfo-0:3.5.3-5.el9_6.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.5.3-5.el9_6.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.i686"
},
"product_reference": "libarchive-debuginfo-0:3.5.3-5.el9_6.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.5.3-5.el9_6.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.ppc64le"
},
"product_reference": "libarchive-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.5.3-5.el9_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.s390x"
},
"product_reference": "libarchive-debuginfo-0:3.5.3-5.el9_6.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.5.3-5.el9_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.x86_64"
},
"product_reference": "libarchive-debuginfo-0:3.5.3-5.el9_6.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debugsource-0:3.5.3-5.el9_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.aarch64"
},
"product_reference": "libarchive-debugsource-0:3.5.3-5.el9_6.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debugsource-0:3.5.3-5.el9_6.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.i686"
},
"product_reference": "libarchive-debugsource-0:3.5.3-5.el9_6.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debugsource-0:3.5.3-5.el9_6.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.ppc64le"
},
"product_reference": "libarchive-debugsource-0:3.5.3-5.el9_6.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debugsource-0:3.5.3-5.el9_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.s390x"
},
"product_reference": "libarchive-debugsource-0:3.5.3-5.el9_6.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debugsource-0:3.5.3-5.el9_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.x86_64"
},
"product_reference": "libarchive-debugsource-0:3.5.3-5.el9_6.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-0:3.5.3-5.el9_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.aarch64"
},
"product_reference": "libarchive-devel-0:3.5.3-5.el9_6.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-0:3.5.3-5.el9_6.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.i686"
},
"product_reference": "libarchive-devel-0:3.5.3-5.el9_6.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-0:3.5.3-5.el9_6.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.ppc64le"
},
"product_reference": "libarchive-devel-0:3.5.3-5.el9_6.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-0:3.5.3-5.el9_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.s390x"
},
"product_reference": "libarchive-devel-0:3.5.3-5.el9_6.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-0:3.5.3-5.el9_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.x86_64"
},
"product_reference": "libarchive-devel-0:3.5.3-5.el9_6.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcat-debuginfo-0:3.5.3-5.el9_6.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.aarch64"
},
"product_reference": "bsdcat-debuginfo-0:3.5.3-5.el9_6.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcat-debuginfo-0:3.5.3-5.el9_6.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.i686"
},
"product_reference": "bsdcat-debuginfo-0:3.5.3-5.el9_6.i686",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcat-debuginfo-0:3.5.3-5.el9_6.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.ppc64le"
},
"product_reference": "bsdcat-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcat-debuginfo-0:3.5.3-5.el9_6.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.s390x"
},
"product_reference": "bsdcat-debuginfo-0:3.5.3-5.el9_6.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcat-debuginfo-0:3.5.3-5.el9_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.x86_64"
},
"product_reference": "bsdcat-debuginfo-0:3.5.3-5.el9_6.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.aarch64"
},
"product_reference": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.i686"
},
"product_reference": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.i686",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.ppc64le"
},
"product_reference": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.s390x"
},
"product_reference": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.x86_64"
},
"product_reference": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-0:3.5.3-5.el9_6.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.aarch64"
},
"product_reference": "bsdtar-0:3.5.3-5.el9_6.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-0:3.5.3-5.el9_6.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.ppc64le"
},
"product_reference": "bsdtar-0:3.5.3-5.el9_6.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-0:3.5.3-5.el9_6.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.s390x"
},
"product_reference": "bsdtar-0:3.5.3-5.el9_6.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-0:3.5.3-5.el9_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.x86_64"
},
"product_reference": "bsdtar-0:3.5.3-5.el9_6.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-debuginfo-0:3.5.3-5.el9_6.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.aarch64"
},
"product_reference": "bsdtar-debuginfo-0:3.5.3-5.el9_6.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-debuginfo-0:3.5.3-5.el9_6.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.i686"
},
"product_reference": "bsdtar-debuginfo-0:3.5.3-5.el9_6.i686",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-debuginfo-0:3.5.3-5.el9_6.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.ppc64le"
},
"product_reference": "bsdtar-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-debuginfo-0:3.5.3-5.el9_6.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.s390x"
},
"product_reference": "bsdtar-debuginfo-0:3.5.3-5.el9_6.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-debuginfo-0:3.5.3-5.el9_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.x86_64"
},
"product_reference": "bsdtar-debuginfo-0:3.5.3-5.el9_6.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.5.3-5.el9_6.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.aarch64"
},
"product_reference": "libarchive-0:3.5.3-5.el9_6.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.5.3-5.el9_6.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.i686"
},
"product_reference": "libarchive-0:3.5.3-5.el9_6.i686",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.5.3-5.el9_6.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.ppc64le"
},
"product_reference": "libarchive-0:3.5.3-5.el9_6.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.5.3-5.el9_6.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.s390x"
},
"product_reference": "libarchive-0:3.5.3-5.el9_6.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.5.3-5.el9_6.src as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.src"
},
"product_reference": "libarchive-0:3.5.3-5.el9_6.src",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.5.3-5.el9_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.x86_64"
},
"product_reference": "libarchive-0:3.5.3-5.el9_6.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.5.3-5.el9_6.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.aarch64"
},
"product_reference": "libarchive-debuginfo-0:3.5.3-5.el9_6.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.5.3-5.el9_6.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.i686"
},
"product_reference": "libarchive-debuginfo-0:3.5.3-5.el9_6.i686",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.5.3-5.el9_6.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.ppc64le"
},
"product_reference": "libarchive-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.5.3-5.el9_6.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.s390x"
},
"product_reference": "libarchive-debuginfo-0:3.5.3-5.el9_6.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.5.3-5.el9_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.x86_64"
},
"product_reference": "libarchive-debuginfo-0:3.5.3-5.el9_6.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debugsource-0:3.5.3-5.el9_6.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.aarch64"
},
"product_reference": "libarchive-debugsource-0:3.5.3-5.el9_6.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debugsource-0:3.5.3-5.el9_6.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.i686"
},
"product_reference": "libarchive-debugsource-0:3.5.3-5.el9_6.i686",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debugsource-0:3.5.3-5.el9_6.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.ppc64le"
},
"product_reference": "libarchive-debugsource-0:3.5.3-5.el9_6.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debugsource-0:3.5.3-5.el9_6.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.s390x"
},
"product_reference": "libarchive-debugsource-0:3.5.3-5.el9_6.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debugsource-0:3.5.3-5.el9_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.x86_64"
},
"product_reference": "libarchive-debugsource-0:3.5.3-5.el9_6.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-0:3.5.3-5.el9_6.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.aarch64"
},
"product_reference": "libarchive-devel-0:3.5.3-5.el9_6.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-0:3.5.3-5.el9_6.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.i686"
},
"product_reference": "libarchive-devel-0:3.5.3-5.el9_6.i686",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-0:3.5.3-5.el9_6.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.ppc64le"
},
"product_reference": "libarchive-devel-0:3.5.3-5.el9_6.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-0:3.5.3-5.el9_6.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.s390x"
},
"product_reference": "libarchive-devel-0:3.5.3-5.el9_6.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-0:3.5.3-5.el9_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.x86_64"
},
"product_reference": "libarchive-devel-0:3.5.3-5.el9_6.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-25724",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"discovery_date": "2025-03-02T02:00:39.907582+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2349221"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libarchive package. Affected versions of libarchive do not check a strftime return value, which can lead to a denial of service or unspecified other impacts via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libarchive: Buffer Overflow vulnerability in libarchive",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-252: Unchecked Return Value vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nReturn values from critical operations are consistently evaluated through enforced development standards and automated static analysis, reducing the likelihood of logic flaws or silent failures reaching production. Error-handling routines are integrated into application behavior to ensure that failures are properly logged, traced, and contained, maintaining system stability under fault conditions. Additionally, the platform is designed to respond to errors predictably, preventing uncontrolled behavior and ensuring that processes fail in a known, recoverable state.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.src",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.src",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-25724"
},
{
"category": "external",
"summary": "RHBZ#2349221",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349221"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-25724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25724"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-25724",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25724"
},
{
"category": "external",
"summary": "https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92",
"url": "https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92"
},
{
"category": "external",
"summary": "https://github.com/Ekkosun/pocs/blob/main/bsdtarbug",
"url": "https://github.com/Ekkosun/pocs/blob/main/bsdtarbug"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752",
"url": "https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752"
}
],
"release_date": "2025-03-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-24T06:58:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.src",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.src",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9431"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.src",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.src",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libarchive: Buffer Overflow vulnerability in libarchive"
}
]
}
rhsa-2025:11487
Vulnerability from csaf_redhat
Published
2025-07-21 19:25
Modified
2025-08-13 09:00
Summary
Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage
Notes
Topic
A Subscription Management tool for finding and reporting Red Hat product usage
Details
Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds, identifies, and reports environment data, or facts, such as the number of physical and virtual systems on a network, their operating systems, and relevant configuration data stored within them. Discovery also identifies and reports more detailed facts for some versions of key Red Hat packages and products that it finds in the network.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A Subscription Management tool for finding and reporting Red Hat product usage",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds, identifies, and reports environment data, or facts, such as the number of physical and virtual systems on a network, their operating systems, and relevant configuration data stored within them. Discovery also identifies and reports more detailed facts for some versions of key Red Hat packages and products that it finds in the network.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:11487",
"url": "https://access.redhat.com/errata/RHSA-2025:11487"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-53920",
"url": "https://access.redhat.com/security/cve/CVE-2024-53920"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-25724",
"url": "https://access.redhat.com/security/cve/CVE-2025-25724"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-3576",
"url": "https://access.redhat.com/security/cve/CVE-2025-3576"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-4802",
"url": "https://access.redhat.com/security/cve/CVE-2025-4802"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-5702",
"url": "https://access.redhat.com/security/cve/CVE-2025-5702"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-6020",
"url": "https://access.redhat.com/security/cve/CVE-2025-6020"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/subscription_central/1-latest/#Discovery",
"url": "https://docs.redhat.com/en/documentation/subscription_central/1-latest/#Discovery"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_11487.json"
}
],
"title": "Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage",
"tracking": {
"current_release_date": "2025-08-13T09:00:09+00:00",
"generator": {
"date": "2025-08-13T09:00:09+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2025:11487",
"initial_release_date": "2025-07-21T19:25:21+00:00",
"revision_history": [
{
"date": "2025-07-21T19:25:21+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-07-21T19:25:31+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-13T09:00:09+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Discovery 2",
"product": {
"name": "Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:discovery:2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Discovery"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3_amd64",
"product": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3_amd64",
"product_id": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-server-rhel9@sha256%3Ac499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3?arch=amd64\u0026repository_url=registry.redhat.io/discovery\u0026tag=2.0.0-1752592913"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:cb27ba3c1340e59001ddf83d311d952a4c11f9d4fa18bdab9f4a914370957948_amd64",
"product": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:cb27ba3c1340e59001ddf83d311d952a4c11f9d4fa18bdab9f4a914370957948_amd64",
"product_id": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:cb27ba3c1340e59001ddf83d311d952a4c11f9d4fa18bdab9f4a914370957948_amd64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-ui-rhel9@sha256%3Acb27ba3c1340e59001ddf83d311d952a4c11f9d4fa18bdab9f4a914370957948?arch=amd64\u0026repository_url=registry.redhat.io/discovery\u0026tag=2.0.0-1752593703"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de_arm64",
"product": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de_arm64",
"product_id": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de_arm64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-server-rhel9@sha256%3Abd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de?arch=arm64\u0026repository_url=registry.redhat.io/discovery\u0026tag=2.0.0-1752592913"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:728ad644c83c3828f8bdc3b6aad9b1d30110f9911f0febcea5f0cfedc6b29dc7_arm64",
"product": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:728ad644c83c3828f8bdc3b6aad9b1d30110f9911f0febcea5f0cfedc6b29dc7_arm64",
"product_id": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:728ad644c83c3828f8bdc3b6aad9b1d30110f9911f0febcea5f0cfedc6b29dc7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-ui-rhel9@sha256%3A728ad644c83c3828f8bdc3b6aad9b1d30110f9911f0febcea5f0cfedc6b29dc7?arch=arm64\u0026repository_url=registry.redhat.io/discovery\u0026tag=2.0.0-1752593703"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de_arm64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de_arm64"
},
"product_reference": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de_arm64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3_amd64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3_amd64"
},
"product_reference": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3_amd64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:728ad644c83c3828f8bdc3b6aad9b1d30110f9911f0febcea5f0cfedc6b29dc7_arm64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:728ad644c83c3828f8bdc3b6aad9b1d30110f9911f0febcea5f0cfedc6b29dc7_arm64"
},
"product_reference": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:728ad644c83c3828f8bdc3b6aad9b1d30110f9911f0febcea5f0cfedc6b29dc7_arm64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:cb27ba3c1340e59001ddf83d311d952a4c11f9d4fa18bdab9f4a914370957948_amd64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:cb27ba3c1340e59001ddf83d311d952a4c11f9d4fa18bdab9f4a914370957948_amd64"
},
"product_reference": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:cb27ba3c1340e59001ddf83d311d952a4c11f9d4fa18bdab9f4a914370957948_amd64",
"relates_to_product_reference": "Red Hat Discovery 2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-53920",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2024-11-27T15:01:05.611448+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:728ad644c83c3828f8bdc3b6aad9b1d30110f9911f0febcea5f0cfedc6b29dc7_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:cb27ba3c1340e59001ddf83d311d952a4c11f9d4fa18bdab9f4a914370957948_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2329161"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Emacs. Viewing or editing an untrusted Emacs Lisp source code file can cause arbitrary code execution due to unsafe macro expansion when a user has configured elisp-completion-at-point for code completion or has enabled automatic error checking, such as Flymake or Flycheck.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "emacs: arbitrary code execution via Lisp macro expansion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into opening an Emacs Lisp source code file with a crafted macro definition. Additionally, the user must have `elisp-completion-at-point` configured or automatic error checking enabled.\nFor these reasons, this flaw has been rated with a Moderate severity.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform leverages a web application firewall (WAF) to filter and block malicious input before it reaches the application. It applies managed and custom rule sets to detect suspicious patterns such as embedded scripting functions and remote code execution attempts. By enforcing strict input validation and preventing unauthorized execution of user-supplied code, the WAF reduces the risk of exploitation. Additional protections like rate limiting and bot mitigation help prevent automated injection attacks, while integration with logging, monitoring, and threat detection systems enhances visibility and response capabilities. Through real-time monitoring and automated blocking, the WAF provides a strong layer of defense against code injection vulnerabilities, lowering the likelihood of successful exploitation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:728ad644c83c3828f8bdc3b6aad9b1d30110f9911f0febcea5f0cfedc6b29dc7_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:cb27ba3c1340e59001ddf83d311d952a4c11f9d4fa18bdab9f4a914370957948_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-53920"
},
{
"category": "external",
"summary": "RHBZ#2329161",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2329161"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-53920",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53920"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-53920",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53920"
},
{
"category": "external",
"summary": "https://eshelyaron.com/posts/2024-11-27-emacs-aritrary-code-execution-and-how-to-avoid-it.html",
"url": "https://eshelyaron.com/posts/2024-11-27-emacs-aritrary-code-execution-and-how-to-avoid-it.html"
},
{
"category": "external",
"summary": "https://yhetil.org/emacs/CAFXAjY5f4YfHAtZur1RAqH34UbYU56_t6t2Er0YEh1Sb7-W=hg%40mail.gmail.com/",
"url": "https://yhetil.org/emacs/CAFXAjY5f4YfHAtZur1RAqH34UbYU56_t6t2Er0YEh1Sb7-W=hg%40mail.gmail.com/"
}
],
"release_date": "2024-11-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-21T19:25:21+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer RPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:11487"
},
{
"category": "workaround",
"details": "Do not open or view untrusted Emacs Lisp source code files.\n\nDisabling auto-completion features and automatic error checking such as Flymake or Flycheck in untrusted Emacs Lisp source code files will mitigate this vulnerability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:728ad644c83c3828f8bdc3b6aad9b1d30110f9911f0febcea5f0cfedc6b29dc7_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:cb27ba3c1340e59001ddf83d311d952a4c11f9d4fa18bdab9f4a914370957948_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:728ad644c83c3828f8bdc3b6aad9b1d30110f9911f0febcea5f0cfedc6b29dc7_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:cb27ba3c1340e59001ddf83d311d952a4c11f9d4fa18bdab9f4a914370957948_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "emacs: arbitrary code execution via Lisp macro expansion"
},
{
"cve": "CVE-2025-3576",
"cwe": {
"id": "CWE-328",
"name": "Use of Weak Hash"
},
"discovery_date": "2025-04-14T11:00:53.484000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:728ad644c83c3828f8bdc3b6aad9b1d30110f9911f0febcea5f0cfedc6b29dc7_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:cb27ba3c1340e59001ddf83d311d952a4c11f9d4fa18bdab9f4a914370957948_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2359465"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "krb5: Kerberos RC4-HMAC-MD5 Checksum Vulnerability Enabling Message Spoofing via MD5 Collisions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is classified as a moderate severity vulnerability because it affects the handling of PKINIT requests during ASN.1 decoding in krb5. Exploitation requires specific and uncommon configurations, including a Kerberos environment with PKINIT enabled. Additionally, successful exploitation depends on triggering specific memory allocation failures or parser behaviors, contributing to a high attack complexity.The attack requires that PKINIT is actively configured and in use, and cannot be exploited remotely without this setup in place, making the practical risk limited in standard environments.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:728ad644c83c3828f8bdc3b6aad9b1d30110f9911f0febcea5f0cfedc6b29dc7_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:cb27ba3c1340e59001ddf83d311d952a4c11f9d4fa18bdab9f4a914370957948_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-3576"
},
{
"category": "external",
"summary": "RHBZ#2359465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359465"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-3576",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3576"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-3576",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3576"
},
{
"category": "external",
"summary": "https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html",
"url": "https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html"
}
],
"release_date": "2025-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-21T19:25:21+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer RPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:11487"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:728ad644c83c3828f8bdc3b6aad9b1d30110f9911f0febcea5f0cfedc6b29dc7_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:cb27ba3c1340e59001ddf83d311d952a4c11f9d4fa18bdab9f4a914370957948_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:728ad644c83c3828f8bdc3b6aad9b1d30110f9911f0febcea5f0cfedc6b29dc7_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:cb27ba3c1340e59001ddf83d311d952a4c11f9d4fa18bdab9f4a914370957948_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "krb5: Kerberos RC4-HMAC-MD5 Checksum Vulnerability Enabling Message Spoofing via MD5 Collisions"
},
{
"cve": "CVE-2025-4802",
"cwe": {
"id": "CWE-426",
"name": "Untrusted Search Path"
},
"discovery_date": "2025-05-20T12:53:17.126000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:728ad644c83c3828f8bdc3b6aad9b1d30110f9911f0febcea5f0cfedc6b29dc7_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:cb27ba3c1340e59001ddf83d311d952a4c11f9d4fa18bdab9f4a914370957948_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2367468"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue can only be exploitable by a local attacker via a static setuid program that calls the dlopen function, causing the library to search LD_LIBRARY_PATH to locate the shared object name to load. No such programs have been found in Red Hat Enterprise Linux at the time of publishing this advisory. However, custom setuid programs, although strongly discouraged as a security practice, may exist and can not be discarded. Due to these reasons, this flaw has been rated with a moderate severity.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successful exploitation of a CWE-426: Untrusted Search Path) vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nRed Hat enforces least functionality by enabling only essential features, services, and ports, thereby reducing the system\u2019s attack surface. Static code analysis, peer reviews, and robust input validation and error handling detect unsafe input that could affect execution timing or path resolution. Real-time threat detection, including IPS/IDS, antimalware, and continuous system monitoring, enables rapid identification of exploitation attempts. Process isolation and Kubernetes orchestration reduce the likelihood of concurrent execution conflicts and contain any impact to isolated workloads. Executable search paths are restricted to trusted, explicitly defined directories, mitigating the risk of executing malicious files. These controls effectively lower the likelihood and impact of race conditions and untrusted path exploitation in the environment.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:728ad644c83c3828f8bdc3b6aad9b1d30110f9911f0febcea5f0cfedc6b29dc7_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:cb27ba3c1340e59001ddf83d311d952a4c11f9d4fa18bdab9f4a914370957948_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-4802"
},
{
"category": "external",
"summary": "RHBZ#2367468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367468"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-4802",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4802"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-4802",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4802"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2025/05/16/7",
"url": "https://www.openwall.com/lists/oss-security/2025/05/16/7"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2025/05/17/2",
"url": "https://www.openwall.com/lists/oss-security/2025/05/17/2"
}
],
"release_date": "2025-05-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-21T19:25:21+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer RPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:11487"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:728ad644c83c3828f8bdc3b6aad9b1d30110f9911f0febcea5f0cfedc6b29dc7_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:cb27ba3c1340e59001ddf83d311d952a4c11f9d4fa18bdab9f4a914370957948_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:728ad644c83c3828f8bdc3b6aad9b1d30110f9911f0febcea5f0cfedc6b29dc7_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:cb27ba3c1340e59001ddf83d311d952a4c11f9d4fa18bdab9f4a914370957948_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH"
},
{
"cve": "CVE-2025-5702",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"discovery_date": "2025-06-05T19:00:53.922197+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:728ad644c83c3828f8bdc3b6aad9b1d30110f9911f0febcea5f0cfedc6b29dc7_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:cb27ba3c1340e59001ddf83d311d952a4c11f9d4fa18bdab9f4a914370957948_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2370472"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glibc: Vector register overwrite bug in glibc",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is marked as a Moderate vulnerability rather than an Important one because, while it violates the PowerPC64LE ABI by overwriting non-volatile vector registers (v20 to v31) in the optimized strcmp implementation, its impact is highly context-dependent. The vulnerability does not result in immediate memory corruption, privilege escalation, or remote code execution on its own. It only poses a risk if the overwritten registers were actively holding critical state across the call to strcmp, which is uncommon in typical usage patterns of the function. Moreover, since this issue occurs in an architecture-specific optimization path for Power10 and affects a relatively recent version of glibc (2.39+), its exposure is limited in scope and deployment.\n\nNote that this vulnerability only impacts POWER10 (ppc64le), not POWER9, nor the aarch64, s390x, x86-64 products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:728ad644c83c3828f8bdc3b6aad9b1d30110f9911f0febcea5f0cfedc6b29dc7_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:cb27ba3c1340e59001ddf83d311d952a4c11f9d4fa18bdab9f4a914370957948_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5702"
},
{
"category": "external",
"summary": "RHBZ#2370472",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370472"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5702",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5702"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5702",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5702"
},
{
"category": "external",
"summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=33056",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33056"
}
],
"release_date": "2025-06-05T18:23:57.872000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-21T19:25:21+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer RPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:11487"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:728ad644c83c3828f8bdc3b6aad9b1d30110f9911f0febcea5f0cfedc6b29dc7_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:cb27ba3c1340e59001ddf83d311d952a4c11f9d4fa18bdab9f4a914370957948_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:728ad644c83c3828f8bdc3b6aad9b1d30110f9911f0febcea5f0cfedc6b29dc7_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:cb27ba3c1340e59001ddf83d311d952a4c11f9d4fa18bdab9f4a914370957948_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "glibc: Vector register overwrite bug in glibc"
},
{
"acknowledgments": [
{
"names": [
"Olivier BAL-PETRE"
],
"organization": "ANSSI - French Cybersecurity Agency"
}
],
"cve": "CVE-2025-6020",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-06-12T16:33:01.214000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:728ad644c83c3828f8bdc3b6aad9b1d30110f9911f0febcea5f0cfedc6b29dc7_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:cb27ba3c1340e59001ddf83d311d952a4c11f9d4fa18bdab9f4a914370957948_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372512"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "linux-pam: Linux-pam directory Traversal",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in pam_namespace marked as Important rather than Moderate due to its direct impact on privilege boundaries and the ease of exploitation in common configurations. By leveraging symlink attacks or race conditions in polyinstantiated directories under their control, unprivileged local users can escalate to root, compromising the entire system. Since pam_namespace is often used in multi-user environments (e.g., shared systems, terminal servers, containers), a misconfigured or partially protected setup becomes a single point of failure. The attack does not require special capabilities or kernel-level exploits\u2014just timing and control over certain paths\u2014making it both reliable and low-barrier. Moreover, privilege escalation flaws like this can be chained with other vulnerabilities to persist or evade detection, further amplifying the risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:728ad644c83c3828f8bdc3b6aad9b1d30110f9911f0febcea5f0cfedc6b29dc7_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:cb27ba3c1340e59001ddf83d311d952a4c11f9d4fa18bdab9f4a914370957948_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6020"
},
{
"category": "external",
"summary": "RHBZ#2372512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372512"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6020",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6020"
}
],
"release_date": "2025-06-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-21T19:25:21+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer RPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:11487"
},
{
"category": "workaround",
"details": "Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:728ad644c83c3828f8bdc3b6aad9b1d30110f9911f0febcea5f0cfedc6b29dc7_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:cb27ba3c1340e59001ddf83d311d952a4c11f9d4fa18bdab9f4a914370957948_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:728ad644c83c3828f8bdc3b6aad9b1d30110f9911f0febcea5f0cfedc6b29dc7_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:cb27ba3c1340e59001ddf83d311d952a4c11f9d4fa18bdab9f4a914370957948_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "linux-pam: Linux-pam directory Traversal"
},
{
"cve": "CVE-2025-25724",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"discovery_date": "2025-03-02T02:00:39.907582+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:728ad644c83c3828f8bdc3b6aad9b1d30110f9911f0febcea5f0cfedc6b29dc7_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:cb27ba3c1340e59001ddf83d311d952a4c11f9d4fa18bdab9f4a914370957948_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2349221"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libarchive package. Affected versions of libarchive do not check a strftime return value, which can lead to a denial of service or unspecified other impacts via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libarchive: Buffer Overflow vulnerability in libarchive",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-252: Unchecked Return Value vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nReturn values from critical operations are consistently evaluated through enforced development standards and automated static analysis, reducing the likelihood of logic flaws or silent failures reaching production. Error-handling routines are integrated into application behavior to ensure that failures are properly logged, traced, and contained, maintaining system stability under fault conditions. Additionally, the platform is designed to respond to errors predictably, preventing uncontrolled behavior and ensuring that processes fail in a known, recoverable state.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:728ad644c83c3828f8bdc3b6aad9b1d30110f9911f0febcea5f0cfedc6b29dc7_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:cb27ba3c1340e59001ddf83d311d952a4c11f9d4fa18bdab9f4a914370957948_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-25724"
},
{
"category": "external",
"summary": "RHBZ#2349221",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349221"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-25724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25724"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-25724",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25724"
},
{
"category": "external",
"summary": "https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92",
"url": "https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92"
},
{
"category": "external",
"summary": "https://github.com/Ekkosun/pocs/blob/main/bsdtarbug",
"url": "https://github.com/Ekkosun/pocs/blob/main/bsdtarbug"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752",
"url": "https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752"
}
],
"release_date": "2025-03-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-21T19:25:21+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer RPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:11487"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:728ad644c83c3828f8bdc3b6aad9b1d30110f9911f0febcea5f0cfedc6b29dc7_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:cb27ba3c1340e59001ddf83d311d952a4c11f9d4fa18bdab9f4a914370957948_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libarchive: Buffer Overflow vulnerability in libarchive"
}
]
}
fkie_cve-2025-25724
Vulnerability from fkie_nvd
Published
2025-03-02 02:15
Modified
2025-07-17 15:56
Severity ?
4.0 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92 | Third Party Advisory | |
| cve@mitre.org | https://github.com/Ekkosun/pocs/blob/main/bsdtarbug | Exploit | |
| cve@mitre.org | https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752 | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libarchive | libarchive | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF70A827-B7CB-4155-8FBC-73D52403367C",
"versionEndIncluding": "3.7.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale."
},
{
"lang": "es",
"value": "list_item_verbose en tar/util.c en libarchive hasta 3.7.7 no verifica un valor de retorno de strftime, lo que puede provocar una denegaci\u00f3n de servicio u otro impacto no especificado a trav\u00e9s de un archivo TAR manipulado que se lee con un valor verbose de 2. Por ejemplo, el b\u00fafer de 100 bytes puede no ser suficiente para una configuraci\u00f3n regional personalizada."
}
],
"id": "CVE-2025-25724",
"lastModified": "2025-07-17T15:56:36.083",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.4,
"impactScore": 2.5,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-03-02T02:15:36.603",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://github.com/Ekkosun/pocs/blob/main/bsdtarbug"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-252"
}
],
"source": "cve@mitre.org",
"type": "Secondary"
}
]
}
suse-su-2025:20257-1
Vulnerability from csaf_suse
Published
2025-03-31 14:21
Modified
2025-03-31 14:21
Summary
Security update for libarchive
Notes
Title of the patch
Security update for libarchive
Description of the patch
This update for libarchive fixes the following issues:
- CVE-2025-1632: Fixed null pointer dereference in bsdunzip.c (bsc#1237606)
- CVE-2025-25724: Fixed Buffer Overflow vulnerability in libarchive (bsc#1238610)
- CVE-2024-48958: Fixed out-of-bounds access in execute_filter_delta (bsc#1231624)
- CVE-2024-20697: Fixed Out of bounds Remote Code Execution Vulnerability (also attributed CVE-2024-26256) (CVE-2024-26256, bsc#1225972)
- CVE-2024-48957: Fixed out-of-bounds access in execute_filter_audio (bsc#1231544)
- CVE-2024-20696: Fixed heap based out-of-bounds write (bsc#1225971)
Patchnames
SUSE-SLE-Micro-6.1-50
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libarchive",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libarchive fixes the following issues:\n\n- CVE-2025-1632: Fixed null pointer dereference in bsdunzip.c (bsc#1237606)\n- CVE-2025-25724: Fixed Buffer Overflow vulnerability in libarchive (bsc#1238610)\n- CVE-2024-48958: Fixed out-of-bounds access in execute_filter_delta (bsc#1231624)\n- CVE-2024-20697: Fixed Out of bounds Remote Code Execution Vulnerability (also attributed CVE-2024-26256) (CVE-2024-26256, bsc#1225972)\n- CVE-2024-48957: Fixed out-of-bounds access in execute_filter_audio (bsc#1231544)\n- CVE-2024-20696: Fixed heap based out-of-bounds write (bsc#1225971)\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-50",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20257-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20257-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520257-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20257-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021061.html"
},
{
"category": "self",
"summary": "SUSE Bug 1225971",
"url": "https://bugzilla.suse.com/1225971"
},
{
"category": "self",
"summary": "SUSE Bug 1225972",
"url": "https://bugzilla.suse.com/1225972"
},
{
"category": "self",
"summary": "SUSE Bug 1231544",
"url": "https://bugzilla.suse.com/1231544"
},
{
"category": "self",
"summary": "SUSE Bug 1231624",
"url": "https://bugzilla.suse.com/1231624"
},
{
"category": "self",
"summary": "SUSE Bug 1237606",
"url": "https://bugzilla.suse.com/1237606"
},
{
"category": "self",
"summary": "SUSE Bug 1238610",
"url": "https://bugzilla.suse.com/1238610"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-20696 page",
"url": "https://www.suse.com/security/cve/CVE-2024-20696/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-20697 page",
"url": "https://www.suse.com/security/cve/CVE-2024-20697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26256 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26256/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-48957 page",
"url": "https://www.suse.com/security/cve/CVE-2024-48957/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-48958 page",
"url": "https://www.suse.com/security/cve/CVE-2024-48958/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-1632 page",
"url": "https://www.suse.com/security/cve/CVE-2025-1632/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-25724 page",
"url": "https://www.suse.com/security/cve/CVE-2025-25724/"
}
],
"title": "Security update for libarchive",
"tracking": {
"current_release_date": "2025-03-31T14:21:21Z",
"generator": {
"date": "2025-03-31T14:21:21Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20257-1",
"initial_release_date": "2025-03-31T14:21:21Z",
"revision_history": [
{
"date": "2025-03-31T14:21:21Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libarchive13-3.7.4-slfo.1.1_2.1.aarch64",
"product": {
"name": "libarchive13-3.7.4-slfo.1.1_2.1.aarch64",
"product_id": "libarchive13-3.7.4-slfo.1.1_2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libarchive13-3.7.4-slfo.1.1_2.1.s390x",
"product": {
"name": "libarchive13-3.7.4-slfo.1.1_2.1.s390x",
"product_id": "libarchive13-3.7.4-slfo.1.1_2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libarchive13-3.7.4-slfo.1.1_2.1.x86_64",
"product": {
"name": "libarchive13-3.7.4-slfo.1.1_2.1.x86_64",
"product_id": "libarchive13-3.7.4-slfo.1.1_2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.7.4-slfo.1.1_2.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.aarch64"
},
"product_reference": "libarchive13-3.7.4-slfo.1.1_2.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.7.4-slfo.1.1_2.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.s390x"
},
"product_reference": "libarchive13-3.7.4-slfo.1.1_2.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.7.4-slfo.1.1_2.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.x86_64"
},
"product_reference": "libarchive13-3.7.4-slfo.1.1_2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-20696",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-20696"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-20696",
"url": "https://www.suse.com/security/cve/CVE-2024-20696"
},
{
"category": "external",
"summary": "SUSE Bug 1225971 for CVE-2024-20696",
"url": "https://bugzilla.suse.com/1225971"
},
{
"category": "external",
"summary": "SUSE Bug 1225972 for CVE-2024-20696",
"url": "https://bugzilla.suse.com/1225972"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-31T14:21:21Z",
"details": "important"
}
],
"title": "CVE-2024-20696"
},
{
"cve": "CVE-2024-20697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-20697"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-20697",
"url": "https://www.suse.com/security/cve/CVE-2024-20697"
},
{
"category": "external",
"summary": "SUSE Bug 1225972 for CVE-2024-20697",
"url": "https://bugzilla.suse.com/1225972"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-31T14:21:21Z",
"details": "important"
}
],
"title": "CVE-2024-20697"
},
{
"cve": "CVE-2024-26256",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26256"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26256",
"url": "https://www.suse.com/security/cve/CVE-2024-26256"
},
{
"category": "external",
"summary": "SUSE Bug 1222911 for CVE-2024-26256",
"url": "https://bugzilla.suse.com/1222911"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-31T14:21:21Z",
"details": "important"
}
],
"title": "CVE-2024-26256"
},
{
"cve": "CVE-2024-48957",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-48957"
}
],
"notes": [
{
"category": "general",
"text": "execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-48957",
"url": "https://www.suse.com/security/cve/CVE-2024-48957"
},
{
"category": "external",
"summary": "SUSE Bug 1231543 for CVE-2024-48957",
"url": "https://bugzilla.suse.com/1231543"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-31T14:21:21Z",
"details": "important"
}
],
"title": "CVE-2024-48957"
},
{
"cve": "CVE-2024-48958",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-48958"
}
],
"notes": [
{
"category": "general",
"text": "execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-48958",
"url": "https://www.suse.com/security/cve/CVE-2024-48958"
},
{
"category": "external",
"summary": "SUSE Bug 1231622 for CVE-2024-48958",
"url": "https://bugzilla.suse.com/1231622"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-31T14:21:21Z",
"details": "important"
}
],
"title": "CVE-2024-48958"
},
{
"cve": "CVE-2025-1632",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-1632"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-1632",
"url": "https://www.suse.com/security/cve/CVE-2025-1632"
},
{
"category": "external",
"summary": "SUSE Bug 1237606 for CVE-2025-1632",
"url": "https://bugzilla.suse.com/1237606"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-31T14:21:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-1632"
},
{
"cve": "CVE-2025-25724",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-25724"
}
],
"notes": [
{
"category": "general",
"text": "list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-25724",
"url": "https://www.suse.com/security/cve/CVE-2025-25724"
},
{
"category": "external",
"summary": "SUSE Bug 1238610 for CVE-2025-25724",
"url": "https://bugzilla.suse.com/1238610"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libarchive13-3.7.4-slfo.1.1_2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-31T14:21:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-25724"
}
]
}
suse-su-2025:0985-1
Vulnerability from csaf_suse
Published
2025-03-21 17:45
Modified
2025-03-21 17:45
Summary
Security update for libarchive
Notes
Title of the patch
Security update for libarchive
Description of the patch
This update for libarchive fixes the following issues:
- CVE-2025-1632: Fixed null pointer dereference in bsdunzip.c (bsc#1237606)
- CVE-2025-25724: Fixed buffer overflow vulnerability in function list_item_verbose() in tar/util.c (bsc#1238610)
Patchnames
SUSE-2025-985,SUSE-SLE-Module-Basesystem-15-SP6-2025-985,SUSE-SLE-Module-Development-Tools-15-SP6-2025-985,openSUSE-SLE-15.6-2025-985
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libarchive",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libarchive fixes the following issues:\n\n- CVE-2025-1632: Fixed null pointer dereference in bsdunzip.c (bsc#1237606)\n- CVE-2025-25724: Fixed buffer overflow vulnerability in function list_item_verbose() in tar/util.c (bsc#1238610)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-985,SUSE-SLE-Module-Basesystem-15-SP6-2025-985,SUSE-SLE-Module-Development-Tools-15-SP6-2025-985,openSUSE-SLE-15.6-2025-985",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0985-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0985-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250985-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0985-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020577.html"
},
{
"category": "self",
"summary": "SUSE Bug 1237606",
"url": "https://bugzilla.suse.com/1237606"
},
{
"category": "self",
"summary": "SUSE Bug 1238610",
"url": "https://bugzilla.suse.com/1238610"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-1632 page",
"url": "https://www.suse.com/security/cve/CVE-2025-1632/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-25724 page",
"url": "https://www.suse.com/security/cve/CVE-2025-25724/"
}
],
"title": "Security update for libarchive",
"tracking": {
"current_release_date": "2025-03-21T17:45:17Z",
"generator": {
"date": "2025-03-21T17:45:17Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0985-1",
"initial_release_date": "2025-03-21T17:45:17Z",
"revision_history": [
{
"date": "2025-03-21T17:45:17Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-3.7.2-150600.3.12.1.aarch64",
"product": {
"name": "bsdtar-3.7.2-150600.3.12.1.aarch64",
"product_id": "bsdtar-3.7.2-150600.3.12.1.aarch64"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.7.2-150600.3.12.1.aarch64",
"product": {
"name": "libarchive-devel-3.7.2-150600.3.12.1.aarch64",
"product_id": "libarchive-devel-3.7.2-150600.3.12.1.aarch64"
}
},
{
"category": "product_version",
"name": "libarchive13-3.7.2-150600.3.12.1.aarch64",
"product": {
"name": "libarchive13-3.7.2-150600.3.12.1.aarch64",
"product_id": "libarchive13-3.7.2-150600.3.12.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libarchive13-64bit-3.7.2-150600.3.12.1.aarch64_ilp32",
"product": {
"name": "libarchive13-64bit-3.7.2-150600.3.12.1.aarch64_ilp32",
"product_id": "libarchive13-64bit-3.7.2-150600.3.12.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-3.7.2-150600.3.12.1.i586",
"product": {
"name": "bsdtar-3.7.2-150600.3.12.1.i586",
"product_id": "bsdtar-3.7.2-150600.3.12.1.i586"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.7.2-150600.3.12.1.i586",
"product": {
"name": "libarchive-devel-3.7.2-150600.3.12.1.i586",
"product_id": "libarchive-devel-3.7.2-150600.3.12.1.i586"
}
},
{
"category": "product_version",
"name": "libarchive13-3.7.2-150600.3.12.1.i586",
"product": {
"name": "libarchive13-3.7.2-150600.3.12.1.i586",
"product_id": "libarchive13-3.7.2-150600.3.12.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-3.7.2-150600.3.12.1.ppc64le",
"product": {
"name": "bsdtar-3.7.2-150600.3.12.1.ppc64le",
"product_id": "bsdtar-3.7.2-150600.3.12.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.7.2-150600.3.12.1.ppc64le",
"product": {
"name": "libarchive-devel-3.7.2-150600.3.12.1.ppc64le",
"product_id": "libarchive-devel-3.7.2-150600.3.12.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libarchive13-3.7.2-150600.3.12.1.ppc64le",
"product": {
"name": "libarchive13-3.7.2-150600.3.12.1.ppc64le",
"product_id": "libarchive13-3.7.2-150600.3.12.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-3.7.2-150600.3.12.1.s390x",
"product": {
"name": "bsdtar-3.7.2-150600.3.12.1.s390x",
"product_id": "bsdtar-3.7.2-150600.3.12.1.s390x"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.7.2-150600.3.12.1.s390x",
"product": {
"name": "libarchive-devel-3.7.2-150600.3.12.1.s390x",
"product_id": "libarchive-devel-3.7.2-150600.3.12.1.s390x"
}
},
{
"category": "product_version",
"name": "libarchive13-3.7.2-150600.3.12.1.s390x",
"product": {
"name": "libarchive13-3.7.2-150600.3.12.1.s390x",
"product_id": "libarchive13-3.7.2-150600.3.12.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-3.7.2-150600.3.12.1.x86_64",
"product": {
"name": "bsdtar-3.7.2-150600.3.12.1.x86_64",
"product_id": "bsdtar-3.7.2-150600.3.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.7.2-150600.3.12.1.x86_64",
"product": {
"name": "libarchive-devel-3.7.2-150600.3.12.1.x86_64",
"product_id": "libarchive-devel-3.7.2-150600.3.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "libarchive13-3.7.2-150600.3.12.1.x86_64",
"product": {
"name": "libarchive13-3.7.2-150600.3.12.1.x86_64",
"product_id": "libarchive13-3.7.2-150600.3.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "libarchive13-32bit-3.7.2-150600.3.12.1.x86_64",
"product": {
"name": "libarchive13-32bit-3.7.2-150600.3.12.1.x86_64",
"product_id": "libarchive13-32bit-3.7.2-150600.3.12.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp6"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.7.2-150600.3.12.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.12.1.aarch64"
},
"product_reference": "libarchive-devel-3.7.2-150600.3.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.7.2-150600.3.12.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.12.1.ppc64le"
},
"product_reference": "libarchive-devel-3.7.2-150600.3.12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.7.2-150600.3.12.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.12.1.s390x"
},
"product_reference": "libarchive-devel-3.7.2-150600.3.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.7.2-150600.3.12.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.12.1.x86_64"
},
"product_reference": "libarchive-devel-3.7.2-150600.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.7.2-150600.3.12.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.12.1.aarch64"
},
"product_reference": "libarchive13-3.7.2-150600.3.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.7.2-150600.3.12.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.12.1.ppc64le"
},
"product_reference": "libarchive13-3.7.2-150600.3.12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.7.2-150600.3.12.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.12.1.s390x"
},
"product_reference": "libarchive13-3.7.2-150600.3.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.7.2-150600.3.12.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.12.1.x86_64"
},
"product_reference": "libarchive13-3.7.2-150600.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-3.7.2-150600.3.12.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.12.1.aarch64"
},
"product_reference": "bsdtar-3.7.2-150600.3.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-3.7.2-150600.3.12.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.12.1.ppc64le"
},
"product_reference": "bsdtar-3.7.2-150600.3.12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-3.7.2-150600.3.12.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.12.1.s390x"
},
"product_reference": "bsdtar-3.7.2-150600.3.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-3.7.2-150600.3.12.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.12.1.x86_64"
},
"product_reference": "bsdtar-3.7.2-150600.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-3.7.2-150600.3.12.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.12.1.aarch64"
},
"product_reference": "bsdtar-3.7.2-150600.3.12.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-3.7.2-150600.3.12.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.12.1.ppc64le"
},
"product_reference": "bsdtar-3.7.2-150600.3.12.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-3.7.2-150600.3.12.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.12.1.s390x"
},
"product_reference": "bsdtar-3.7.2-150600.3.12.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-3.7.2-150600.3.12.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.12.1.x86_64"
},
"product_reference": "bsdtar-3.7.2-150600.3.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.7.2-150600.3.12.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.12.1.aarch64"
},
"product_reference": "libarchive-devel-3.7.2-150600.3.12.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.7.2-150600.3.12.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.12.1.ppc64le"
},
"product_reference": "libarchive-devel-3.7.2-150600.3.12.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.7.2-150600.3.12.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.12.1.s390x"
},
"product_reference": "libarchive-devel-3.7.2-150600.3.12.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.7.2-150600.3.12.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.12.1.x86_64"
},
"product_reference": "libarchive-devel-3.7.2-150600.3.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.7.2-150600.3.12.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.12.1.aarch64"
},
"product_reference": "libarchive13-3.7.2-150600.3.12.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.7.2-150600.3.12.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.12.1.ppc64le"
},
"product_reference": "libarchive13-3.7.2-150600.3.12.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.7.2-150600.3.12.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.12.1.s390x"
},
"product_reference": "libarchive13-3.7.2-150600.3.12.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.7.2-150600.3.12.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.12.1.x86_64"
},
"product_reference": "libarchive13-3.7.2-150600.3.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-32bit-3.7.2-150600.3.12.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libarchive13-32bit-3.7.2-150600.3.12.1.x86_64"
},
"product_reference": "libarchive13-32bit-3.7.2-150600.3.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-1632",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-1632"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.12.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.12.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.12.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.12.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.12.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.12.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.12.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.12.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.12.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.12.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.12.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.12.1.x86_64",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.12.1.aarch64",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.12.1.ppc64le",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.12.1.s390x",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.12.1.x86_64",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.12.1.aarch64",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.12.1.ppc64le",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.12.1.s390x",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.12.1.x86_64",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.12.1.aarch64",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.12.1.ppc64le",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.12.1.s390x",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.12.1.x86_64",
"openSUSE Leap 15.6:libarchive13-32bit-3.7.2-150600.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-1632",
"url": "https://www.suse.com/security/cve/CVE-2025-1632"
},
{
"category": "external",
"summary": "SUSE Bug 1237606 for CVE-2025-1632",
"url": "https://bugzilla.suse.com/1237606"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.12.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.12.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.12.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.12.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.12.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.12.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.12.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.12.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.12.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.12.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.12.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.12.1.x86_64",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.12.1.aarch64",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.12.1.ppc64le",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.12.1.s390x",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.12.1.x86_64",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.12.1.aarch64",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.12.1.ppc64le",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.12.1.s390x",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.12.1.x86_64",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.12.1.aarch64",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.12.1.ppc64le",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.12.1.s390x",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.12.1.x86_64",
"openSUSE Leap 15.6:libarchive13-32bit-3.7.2-150600.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.12.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.12.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.12.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.12.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.12.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.12.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.12.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.12.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.12.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.12.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.12.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.12.1.x86_64",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.12.1.aarch64",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.12.1.ppc64le",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.12.1.s390x",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.12.1.x86_64",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.12.1.aarch64",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.12.1.ppc64le",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.12.1.s390x",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.12.1.x86_64",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.12.1.aarch64",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.12.1.ppc64le",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.12.1.s390x",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.12.1.x86_64",
"openSUSE Leap 15.6:libarchive13-32bit-3.7.2-150600.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-21T17:45:17Z",
"details": "moderate"
}
],
"title": "CVE-2025-1632"
},
{
"cve": "CVE-2025-25724",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-25724"
}
],
"notes": [
{
"category": "general",
"text": "list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.12.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.12.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.12.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.12.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.12.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.12.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.12.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.12.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.12.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.12.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.12.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.12.1.x86_64",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.12.1.aarch64",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.12.1.ppc64le",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.12.1.s390x",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.12.1.x86_64",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.12.1.aarch64",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.12.1.ppc64le",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.12.1.s390x",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.12.1.x86_64",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.12.1.aarch64",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.12.1.ppc64le",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.12.1.s390x",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.12.1.x86_64",
"openSUSE Leap 15.6:libarchive13-32bit-3.7.2-150600.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-25724",
"url": "https://www.suse.com/security/cve/CVE-2025-25724"
},
{
"category": "external",
"summary": "SUSE Bug 1238610 for CVE-2025-25724",
"url": "https://bugzilla.suse.com/1238610"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.12.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.12.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.12.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.12.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.12.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.12.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.12.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.12.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.12.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.12.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.12.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.12.1.x86_64",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.12.1.aarch64",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.12.1.ppc64le",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.12.1.s390x",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.12.1.x86_64",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.12.1.aarch64",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.12.1.ppc64le",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.12.1.s390x",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.12.1.x86_64",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.12.1.aarch64",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.12.1.ppc64le",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.12.1.s390x",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.12.1.x86_64",
"openSUSE Leap 15.6:libarchive13-32bit-3.7.2-150600.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.12.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.12.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.12.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.12.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.12.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.12.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.12.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.12.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.12.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.12.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.12.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.12.1.x86_64",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.12.1.aarch64",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.12.1.ppc64le",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.12.1.s390x",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.12.1.x86_64",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.12.1.aarch64",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.12.1.ppc64le",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.12.1.s390x",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.12.1.x86_64",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.12.1.aarch64",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.12.1.ppc64le",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.12.1.s390x",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.12.1.x86_64",
"openSUSE Leap 15.6:libarchive13-32bit-3.7.2-150600.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-21T17:45:17Z",
"details": "moderate"
}
],
"title": "CVE-2025-25724"
}
]
}
suse-su-2025:0986-1
Vulnerability from csaf_suse
Published
2025-03-21 17:49
Modified
2025-03-21 17:49
Summary
Security update for libarchive
Notes
Title of the patch
Security update for libarchive
Description of the patch
This update for libarchive fixes the following issues:
- CVE-2025-25724: Fixed buffer overflow vulnerability in function list_item_verbose() in tar/util.c (bsc#1238610).
Patchnames
SUSE-2025-986,SUSE-SLE-Micro-5.3-2025-986,SUSE-SLE-Micro-5.4-2025-986,SUSE-SLE-Micro-5.5-2025-986
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libarchive",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libarchive fixes the following issues:\n\n- CVE-2025-25724: Fixed buffer overflow vulnerability in function list_item_verbose() in tar/util.c (bsc#1238610).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-986,SUSE-SLE-Micro-5.3-2025-986,SUSE-SLE-Micro-5.4-2025-986,SUSE-SLE-Micro-5.5-2025-986",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0986-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0986-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250986-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0986-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020576.html"
},
{
"category": "self",
"summary": "SUSE Bug 1238610",
"url": "https://bugzilla.suse.com/1238610"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-25724 page",
"url": "https://www.suse.com/security/cve/CVE-2025-25724/"
}
],
"title": "Security update for libarchive",
"tracking": {
"current_release_date": "2025-03-21T17:49:33Z",
"generator": {
"date": "2025-03-21T17:49:33Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0986-1",
"initial_release_date": "2025-03-21T17:49:33Z",
"revision_history": [
{
"date": "2025-03-21T17:49:33Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-3.5.1-150400.3.18.1.aarch64",
"product": {
"name": "bsdtar-3.5.1-150400.3.18.1.aarch64",
"product_id": "bsdtar-3.5.1-150400.3.18.1.aarch64"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.5.1-150400.3.18.1.aarch64",
"product": {
"name": "libarchive-devel-3.5.1-150400.3.18.1.aarch64",
"product_id": "libarchive-devel-3.5.1-150400.3.18.1.aarch64"
}
},
{
"category": "product_version",
"name": "libarchive13-3.5.1-150400.3.18.1.aarch64",
"product": {
"name": "libarchive13-3.5.1-150400.3.18.1.aarch64",
"product_id": "libarchive13-3.5.1-150400.3.18.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libarchive13-64bit-3.5.1-150400.3.18.1.aarch64_ilp32",
"product": {
"name": "libarchive13-64bit-3.5.1-150400.3.18.1.aarch64_ilp32",
"product_id": "libarchive13-64bit-3.5.1-150400.3.18.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-3.5.1-150400.3.18.1.i586",
"product": {
"name": "bsdtar-3.5.1-150400.3.18.1.i586",
"product_id": "bsdtar-3.5.1-150400.3.18.1.i586"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.5.1-150400.3.18.1.i586",
"product": {
"name": "libarchive-devel-3.5.1-150400.3.18.1.i586",
"product_id": "libarchive-devel-3.5.1-150400.3.18.1.i586"
}
},
{
"category": "product_version",
"name": "libarchive13-3.5.1-150400.3.18.1.i586",
"product": {
"name": "libarchive13-3.5.1-150400.3.18.1.i586",
"product_id": "libarchive13-3.5.1-150400.3.18.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-3.5.1-150400.3.18.1.ppc64le",
"product": {
"name": "bsdtar-3.5.1-150400.3.18.1.ppc64le",
"product_id": "bsdtar-3.5.1-150400.3.18.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.5.1-150400.3.18.1.ppc64le",
"product": {
"name": "libarchive-devel-3.5.1-150400.3.18.1.ppc64le",
"product_id": "libarchive-devel-3.5.1-150400.3.18.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libarchive13-3.5.1-150400.3.18.1.ppc64le",
"product": {
"name": "libarchive13-3.5.1-150400.3.18.1.ppc64le",
"product_id": "libarchive13-3.5.1-150400.3.18.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-3.5.1-150400.3.18.1.s390x",
"product": {
"name": "bsdtar-3.5.1-150400.3.18.1.s390x",
"product_id": "bsdtar-3.5.1-150400.3.18.1.s390x"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.5.1-150400.3.18.1.s390x",
"product": {
"name": "libarchive-devel-3.5.1-150400.3.18.1.s390x",
"product_id": "libarchive-devel-3.5.1-150400.3.18.1.s390x"
}
},
{
"category": "product_version",
"name": "libarchive13-3.5.1-150400.3.18.1.s390x",
"product": {
"name": "libarchive13-3.5.1-150400.3.18.1.s390x",
"product_id": "libarchive13-3.5.1-150400.3.18.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-3.5.1-150400.3.18.1.x86_64",
"product": {
"name": "bsdtar-3.5.1-150400.3.18.1.x86_64",
"product_id": "bsdtar-3.5.1-150400.3.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.5.1-150400.3.18.1.x86_64",
"product": {
"name": "libarchive-devel-3.5.1-150400.3.18.1.x86_64",
"product_id": "libarchive-devel-3.5.1-150400.3.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "libarchive13-3.5.1-150400.3.18.1.x86_64",
"product": {
"name": "libarchive13-3.5.1-150400.3.18.1.x86_64",
"product_id": "libarchive13-3.5.1-150400.3.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "libarchive13-32bit-3.5.1-150400.3.18.1.x86_64",
"product": {
"name": "libarchive13-32bit-3.5.1-150400.3.18.1.x86_64",
"product_id": "libarchive13-32bit-3.5.1-150400.3.18.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.4",
"product": {
"name": "SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.5.1-150400.3.18.1.aarch64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.18.1.aarch64"
},
"product_reference": "libarchive13-3.5.1-150400.3.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.5.1-150400.3.18.1.s390x as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.18.1.s390x"
},
"product_reference": "libarchive13-3.5.1-150400.3.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.5.1-150400.3.18.1.x86_64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.18.1.x86_64"
},
"product_reference": "libarchive13-3.5.1-150400.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.5.1-150400.3.18.1.aarch64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.18.1.aarch64"
},
"product_reference": "libarchive13-3.5.1-150400.3.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.5.1-150400.3.18.1.s390x as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.18.1.s390x"
},
"product_reference": "libarchive13-3.5.1-150400.3.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.5.1-150400.3.18.1.x86_64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.18.1.x86_64"
},
"product_reference": "libarchive13-3.5.1-150400.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.5.1-150400.3.18.1.aarch64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.18.1.aarch64"
},
"product_reference": "libarchive13-3.5.1-150400.3.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.5.1-150400.3.18.1.ppc64le as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.18.1.ppc64le"
},
"product_reference": "libarchive13-3.5.1-150400.3.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.5.1-150400.3.18.1.s390x as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.18.1.s390x"
},
"product_reference": "libarchive13-3.5.1-150400.3.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.5.1-150400.3.18.1.x86_64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.18.1.x86_64"
},
"product_reference": "libarchive13-3.5.1-150400.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-25724",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-25724"
}
],
"notes": [
{
"category": "general",
"text": "list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.18.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.18.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.18.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.18.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.18.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.18.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.18.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.18.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.18.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-25724",
"url": "https://www.suse.com/security/cve/CVE-2025-25724"
},
{
"category": "external",
"summary": "SUSE Bug 1238610 for CVE-2025-25724",
"url": "https://bugzilla.suse.com/1238610"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.18.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.18.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.18.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.18.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.18.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.18.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.18.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.18.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.18.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.18.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.18.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.18.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.18.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.18.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.18.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.18.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.18.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.18.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-21T17:49:33Z",
"details": "moderate"
}
],
"title": "CVE-2025-25724"
}
]
}
opensuse-su-2025:14882-1
Vulnerability from csaf_opensuse
Published
2025-03-12 00:00
Modified
2025-03-12 00:00
Summary
bsdtar-3.7.7-3.1 on GA media
Notes
Title of the patch
bsdtar-3.7.7-3.1 on GA media
Description of the patch
These are all security issues fixed in the bsdtar-3.7.7-3.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-14882
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "bsdtar-3.7.7-3.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the bsdtar-3.7.7-3.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-14882",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_14882-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2025:14882-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2VPBSF65DTMKEEGFEJY6QEGJSZY7TSKV/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2025:14882-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2VPBSF65DTMKEEGFEJY6QEGJSZY7TSKV/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-1632 page",
"url": "https://www.suse.com/security/cve/CVE-2025-1632/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-25724 page",
"url": "https://www.suse.com/security/cve/CVE-2025-25724/"
}
],
"title": "bsdtar-3.7.7-3.1 on GA media",
"tracking": {
"current_release_date": "2025-03-12T00:00:00Z",
"generator": {
"date": "2025-03-12T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:14882-1",
"initial_release_date": "2025-03-12T00:00:00Z",
"revision_history": [
{
"date": "2025-03-12T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-3.7.7-3.1.aarch64",
"product": {
"name": "bsdtar-3.7.7-3.1.aarch64",
"product_id": "bsdtar-3.7.7-3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.7.7-3.1.aarch64",
"product": {
"name": "libarchive-devel-3.7.7-3.1.aarch64",
"product_id": "libarchive-devel-3.7.7-3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libarchive13-3.7.7-3.1.aarch64",
"product": {
"name": "libarchive13-3.7.7-3.1.aarch64",
"product_id": "libarchive13-3.7.7-3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libarchive13-32bit-3.7.7-3.1.aarch64",
"product": {
"name": "libarchive13-32bit-3.7.7-3.1.aarch64",
"product_id": "libarchive13-32bit-3.7.7-3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-3.7.7-3.1.ppc64le",
"product": {
"name": "bsdtar-3.7.7-3.1.ppc64le",
"product_id": "bsdtar-3.7.7-3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.7.7-3.1.ppc64le",
"product": {
"name": "libarchive-devel-3.7.7-3.1.ppc64le",
"product_id": "libarchive-devel-3.7.7-3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libarchive13-3.7.7-3.1.ppc64le",
"product": {
"name": "libarchive13-3.7.7-3.1.ppc64le",
"product_id": "libarchive13-3.7.7-3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libarchive13-32bit-3.7.7-3.1.ppc64le",
"product": {
"name": "libarchive13-32bit-3.7.7-3.1.ppc64le",
"product_id": "libarchive13-32bit-3.7.7-3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-3.7.7-3.1.s390x",
"product": {
"name": "bsdtar-3.7.7-3.1.s390x",
"product_id": "bsdtar-3.7.7-3.1.s390x"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.7.7-3.1.s390x",
"product": {
"name": "libarchive-devel-3.7.7-3.1.s390x",
"product_id": "libarchive-devel-3.7.7-3.1.s390x"
}
},
{
"category": "product_version",
"name": "libarchive13-3.7.7-3.1.s390x",
"product": {
"name": "libarchive13-3.7.7-3.1.s390x",
"product_id": "libarchive13-3.7.7-3.1.s390x"
}
},
{
"category": "product_version",
"name": "libarchive13-32bit-3.7.7-3.1.s390x",
"product": {
"name": "libarchive13-32bit-3.7.7-3.1.s390x",
"product_id": "libarchive13-32bit-3.7.7-3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-3.7.7-3.1.x86_64",
"product": {
"name": "bsdtar-3.7.7-3.1.x86_64",
"product_id": "bsdtar-3.7.7-3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.7.7-3.1.x86_64",
"product": {
"name": "libarchive-devel-3.7.7-3.1.x86_64",
"product_id": "libarchive-devel-3.7.7-3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libarchive13-3.7.7-3.1.x86_64",
"product": {
"name": "libarchive13-3.7.7-3.1.x86_64",
"product_id": "libarchive13-3.7.7-3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libarchive13-32bit-3.7.7-3.1.x86_64",
"product": {
"name": "libarchive13-32bit-3.7.7-3.1.x86_64",
"product_id": "libarchive13-32bit-3.7.7-3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-3.7.7-3.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bsdtar-3.7.7-3.1.aarch64"
},
"product_reference": "bsdtar-3.7.7-3.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-3.7.7-3.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bsdtar-3.7.7-3.1.ppc64le"
},
"product_reference": "bsdtar-3.7.7-3.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-3.7.7-3.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bsdtar-3.7.7-3.1.s390x"
},
"product_reference": "bsdtar-3.7.7-3.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-3.7.7-3.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bsdtar-3.7.7-3.1.x86_64"
},
"product_reference": "bsdtar-3.7.7-3.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.7.7-3.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libarchive-devel-3.7.7-3.1.aarch64"
},
"product_reference": "libarchive-devel-3.7.7-3.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.7.7-3.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libarchive-devel-3.7.7-3.1.ppc64le"
},
"product_reference": "libarchive-devel-3.7.7-3.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.7.7-3.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libarchive-devel-3.7.7-3.1.s390x"
},
"product_reference": "libarchive-devel-3.7.7-3.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.7.7-3.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libarchive-devel-3.7.7-3.1.x86_64"
},
"product_reference": "libarchive-devel-3.7.7-3.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.7.7-3.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libarchive13-3.7.7-3.1.aarch64"
},
"product_reference": "libarchive13-3.7.7-3.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.7.7-3.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libarchive13-3.7.7-3.1.ppc64le"
},
"product_reference": "libarchive13-3.7.7-3.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.7.7-3.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libarchive13-3.7.7-3.1.s390x"
},
"product_reference": "libarchive13-3.7.7-3.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.7.7-3.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libarchive13-3.7.7-3.1.x86_64"
},
"product_reference": "libarchive13-3.7.7-3.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-32bit-3.7.7-3.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libarchive13-32bit-3.7.7-3.1.aarch64"
},
"product_reference": "libarchive13-32bit-3.7.7-3.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-32bit-3.7.7-3.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libarchive13-32bit-3.7.7-3.1.ppc64le"
},
"product_reference": "libarchive13-32bit-3.7.7-3.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-32bit-3.7.7-3.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libarchive13-32bit-3.7.7-3.1.s390x"
},
"product_reference": "libarchive13-32bit-3.7.7-3.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-32bit-3.7.7-3.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libarchive13-32bit-3.7.7-3.1.x86_64"
},
"product_reference": "libarchive13-32bit-3.7.7-3.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-1632",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-1632"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:bsdtar-3.7.7-3.1.aarch64",
"openSUSE Tumbleweed:bsdtar-3.7.7-3.1.ppc64le",
"openSUSE Tumbleweed:bsdtar-3.7.7-3.1.s390x",
"openSUSE Tumbleweed:bsdtar-3.7.7-3.1.x86_64",
"openSUSE Tumbleweed:libarchive-devel-3.7.7-3.1.aarch64",
"openSUSE Tumbleweed:libarchive-devel-3.7.7-3.1.ppc64le",
"openSUSE Tumbleweed:libarchive-devel-3.7.7-3.1.s390x",
"openSUSE Tumbleweed:libarchive-devel-3.7.7-3.1.x86_64",
"openSUSE Tumbleweed:libarchive13-3.7.7-3.1.aarch64",
"openSUSE Tumbleweed:libarchive13-3.7.7-3.1.ppc64le",
"openSUSE Tumbleweed:libarchive13-3.7.7-3.1.s390x",
"openSUSE Tumbleweed:libarchive13-3.7.7-3.1.x86_64",
"openSUSE Tumbleweed:libarchive13-32bit-3.7.7-3.1.aarch64",
"openSUSE Tumbleweed:libarchive13-32bit-3.7.7-3.1.ppc64le",
"openSUSE Tumbleweed:libarchive13-32bit-3.7.7-3.1.s390x",
"openSUSE Tumbleweed:libarchive13-32bit-3.7.7-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-1632",
"url": "https://www.suse.com/security/cve/CVE-2025-1632"
},
{
"category": "external",
"summary": "SUSE Bug 1237606 for CVE-2025-1632",
"url": "https://bugzilla.suse.com/1237606"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:bsdtar-3.7.7-3.1.aarch64",
"openSUSE Tumbleweed:bsdtar-3.7.7-3.1.ppc64le",
"openSUSE Tumbleweed:bsdtar-3.7.7-3.1.s390x",
"openSUSE Tumbleweed:bsdtar-3.7.7-3.1.x86_64",
"openSUSE Tumbleweed:libarchive-devel-3.7.7-3.1.aarch64",
"openSUSE Tumbleweed:libarchive-devel-3.7.7-3.1.ppc64le",
"openSUSE Tumbleweed:libarchive-devel-3.7.7-3.1.s390x",
"openSUSE Tumbleweed:libarchive-devel-3.7.7-3.1.x86_64",
"openSUSE Tumbleweed:libarchive13-3.7.7-3.1.aarch64",
"openSUSE Tumbleweed:libarchive13-3.7.7-3.1.ppc64le",
"openSUSE Tumbleweed:libarchive13-3.7.7-3.1.s390x",
"openSUSE Tumbleweed:libarchive13-3.7.7-3.1.x86_64",
"openSUSE Tumbleweed:libarchive13-32bit-3.7.7-3.1.aarch64",
"openSUSE Tumbleweed:libarchive13-32bit-3.7.7-3.1.ppc64le",
"openSUSE Tumbleweed:libarchive13-32bit-3.7.7-3.1.s390x",
"openSUSE Tumbleweed:libarchive13-32bit-3.7.7-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:bsdtar-3.7.7-3.1.aarch64",
"openSUSE Tumbleweed:bsdtar-3.7.7-3.1.ppc64le",
"openSUSE Tumbleweed:bsdtar-3.7.7-3.1.s390x",
"openSUSE Tumbleweed:bsdtar-3.7.7-3.1.x86_64",
"openSUSE Tumbleweed:libarchive-devel-3.7.7-3.1.aarch64",
"openSUSE Tumbleweed:libarchive-devel-3.7.7-3.1.ppc64le",
"openSUSE Tumbleweed:libarchive-devel-3.7.7-3.1.s390x",
"openSUSE Tumbleweed:libarchive-devel-3.7.7-3.1.x86_64",
"openSUSE Tumbleweed:libarchive13-3.7.7-3.1.aarch64",
"openSUSE Tumbleweed:libarchive13-3.7.7-3.1.ppc64le",
"openSUSE Tumbleweed:libarchive13-3.7.7-3.1.s390x",
"openSUSE Tumbleweed:libarchive13-3.7.7-3.1.x86_64",
"openSUSE Tumbleweed:libarchive13-32bit-3.7.7-3.1.aarch64",
"openSUSE Tumbleweed:libarchive13-32bit-3.7.7-3.1.ppc64le",
"openSUSE Tumbleweed:libarchive13-32bit-3.7.7-3.1.s390x",
"openSUSE Tumbleweed:libarchive13-32bit-3.7.7-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-1632"
},
{
"cve": "CVE-2025-25724",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-25724"
}
],
"notes": [
{
"category": "general",
"text": "list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:bsdtar-3.7.7-3.1.aarch64",
"openSUSE Tumbleweed:bsdtar-3.7.7-3.1.ppc64le",
"openSUSE Tumbleweed:bsdtar-3.7.7-3.1.s390x",
"openSUSE Tumbleweed:bsdtar-3.7.7-3.1.x86_64",
"openSUSE Tumbleweed:libarchive-devel-3.7.7-3.1.aarch64",
"openSUSE Tumbleweed:libarchive-devel-3.7.7-3.1.ppc64le",
"openSUSE Tumbleweed:libarchive-devel-3.7.7-3.1.s390x",
"openSUSE Tumbleweed:libarchive-devel-3.7.7-3.1.x86_64",
"openSUSE Tumbleweed:libarchive13-3.7.7-3.1.aarch64",
"openSUSE Tumbleweed:libarchive13-3.7.7-3.1.ppc64le",
"openSUSE Tumbleweed:libarchive13-3.7.7-3.1.s390x",
"openSUSE Tumbleweed:libarchive13-3.7.7-3.1.x86_64",
"openSUSE Tumbleweed:libarchive13-32bit-3.7.7-3.1.aarch64",
"openSUSE Tumbleweed:libarchive13-32bit-3.7.7-3.1.ppc64le",
"openSUSE Tumbleweed:libarchive13-32bit-3.7.7-3.1.s390x",
"openSUSE Tumbleweed:libarchive13-32bit-3.7.7-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-25724",
"url": "https://www.suse.com/security/cve/CVE-2025-25724"
},
{
"category": "external",
"summary": "SUSE Bug 1238610 for CVE-2025-25724",
"url": "https://bugzilla.suse.com/1238610"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:bsdtar-3.7.7-3.1.aarch64",
"openSUSE Tumbleweed:bsdtar-3.7.7-3.1.ppc64le",
"openSUSE Tumbleweed:bsdtar-3.7.7-3.1.s390x",
"openSUSE Tumbleweed:bsdtar-3.7.7-3.1.x86_64",
"openSUSE Tumbleweed:libarchive-devel-3.7.7-3.1.aarch64",
"openSUSE Tumbleweed:libarchive-devel-3.7.7-3.1.ppc64le",
"openSUSE Tumbleweed:libarchive-devel-3.7.7-3.1.s390x",
"openSUSE Tumbleweed:libarchive-devel-3.7.7-3.1.x86_64",
"openSUSE Tumbleweed:libarchive13-3.7.7-3.1.aarch64",
"openSUSE Tumbleweed:libarchive13-3.7.7-3.1.ppc64le",
"openSUSE Tumbleweed:libarchive13-3.7.7-3.1.s390x",
"openSUSE Tumbleweed:libarchive13-3.7.7-3.1.x86_64",
"openSUSE Tumbleweed:libarchive13-32bit-3.7.7-3.1.aarch64",
"openSUSE Tumbleweed:libarchive13-32bit-3.7.7-3.1.ppc64le",
"openSUSE Tumbleweed:libarchive13-32bit-3.7.7-3.1.s390x",
"openSUSE Tumbleweed:libarchive13-32bit-3.7.7-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:bsdtar-3.7.7-3.1.aarch64",
"openSUSE Tumbleweed:bsdtar-3.7.7-3.1.ppc64le",
"openSUSE Tumbleweed:bsdtar-3.7.7-3.1.s390x",
"openSUSE Tumbleweed:bsdtar-3.7.7-3.1.x86_64",
"openSUSE Tumbleweed:libarchive-devel-3.7.7-3.1.aarch64",
"openSUSE Tumbleweed:libarchive-devel-3.7.7-3.1.ppc64le",
"openSUSE Tumbleweed:libarchive-devel-3.7.7-3.1.s390x",
"openSUSE Tumbleweed:libarchive-devel-3.7.7-3.1.x86_64",
"openSUSE Tumbleweed:libarchive13-3.7.7-3.1.aarch64",
"openSUSE Tumbleweed:libarchive13-3.7.7-3.1.ppc64le",
"openSUSE Tumbleweed:libarchive13-3.7.7-3.1.s390x",
"openSUSE Tumbleweed:libarchive13-3.7.7-3.1.x86_64",
"openSUSE Tumbleweed:libarchive13-32bit-3.7.7-3.1.aarch64",
"openSUSE Tumbleweed:libarchive13-32bit-3.7.7-3.1.ppc64le",
"openSUSE Tumbleweed:libarchive13-32bit-3.7.7-3.1.s390x",
"openSUSE Tumbleweed:libarchive13-32bit-3.7.7-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-25724"
}
]
}
wid-sec-w-2025-0469
Vulnerability from csaf_certbund
Published
2025-03-02 23:00
Modified
2025-08-06 22:00
Summary
libarchive: Schwachstelle ermöglicht Denial of Service und weitere nicht spezifizierte Angriffe
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
libarchive ist eine C Bibliothek und ein Kommandozeilen-Tool zum Lesen und Bearbeiten von tar, cpio, zip, ISO und anderen Formaten.
Angriff
Ein lokaler Angreifer kann eine Schwachstelle in libarchive ausnutzen, um einen Denial of Service Angriff und weitere nicht spezifizierte Angriffe durchzuführen.
Betroffene Betriebssysteme
- Linux
- Sonstiges
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "niedrig"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "libarchive ist eine C Bibliothek und ein Kommandozeilen-Tool zum Lesen und Bearbeiten von tar, cpio, zip, ISO und anderen Formaten.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann eine Schwachstelle in libarchive ausnutzen, um einen Denial of Service Angriff und weitere nicht spezifizierte Angriffe durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0469 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0469.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0469 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0469"
},
{
"category": "external",
"summary": "Red Hat Bugtracker vom 2025-03-02",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349221"
},
{
"category": "external",
"summary": "GitHub Advisory Database vom 2025-03-02",
"url": "https://github.com/advisories/GHSA-722w-734r-qg74"
},
{
"category": "external",
"summary": "Red Hat Security Errata",
"url": "https://access.redhat.com/security/cve/CVE-2025-25724"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:14882-1 vom 2025-03-13",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/2VPBSF65DTMKEEGFEJY6QEGJSZY7TSKV/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0986-1 vom 2025-03-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020576.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0985-1 vom 2025-03-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020577.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7454-1 vom 2025-04-23",
"url": "https://ubuntu.com/security/notices/USN-7454-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20257-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021061.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:9420 vom 2025-06-24",
"url": "https://access.redhat.com/errata/RHSA-2025:9420"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-9431 vom 2025-06-25",
"url": "https://linux.oracle.com/errata/ELSA-2025-9431.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:9431 vom 2025-06-24",
"url": "https://access.redhat.com/errata/RHSA-2025:9431"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-9420 vom 2025-06-30",
"url": "https://linux.oracle.com/errata/ELSA-2025-9420.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7240431 vom 2025-07-23",
"url": "https://www.ibm.com/support/pages/node/7240431"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7241565 vom 2025-08-06",
"url": "https://www.ibm.com/support/pages/node/7241565"
}
],
"source_lang": "en-US",
"title": "libarchive: Schwachstelle erm\u00f6glicht Denial of Service und weitere nicht spezifizierte Angriffe",
"tracking": {
"current_release_date": "2025-08-06T22:00:00.000+00:00",
"generator": {
"date": "2025-08-07T08:50:06.212+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-0469",
"initial_release_date": "2025-03-02T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-03-02T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-03-13T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2025-03-23T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-04-23T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-06-03T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-06-23T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-06-24T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Oracle Linux und Red Hat aufgenommen"
},
{
"date": "2025-06-29T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-07-23T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-08-06T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "10"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cLTS 12.0.14",
"product": {
"name": "IBM App Connect Enterprise \u003cLTS 12.0.14",
"product_id": "T045928"
}
},
{
"category": "product_version",
"name": "LTS 12.0.14",
"product": {
"name": "IBM App Connect Enterprise LTS 12.0.14",
"product_id": "T045928-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:lts_12.0.14"
}
}
}
],
"category": "product_name",
"name": "App Connect Enterprise"
},
{
"category": "product_name",
"name": "IBM MQ",
"product": {
"name": "IBM MQ",
"product_id": "T021398",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:mq:-"
}
}
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.7.7",
"product": {
"name": "Open Source libarchive 3.7.7",
"product_id": "T041392",
"product_identification_helper": {
"cpe": "cpe:/a:libarchive:libarchive:3.7.7"
}
}
}
],
"category": "product_name",
"name": "libarchive"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-25724",
"product_status": {
"known_affected": [
"T002207",
"T041392",
"67646",
"T000126",
"T027843",
"T045928",
"T004914",
"T021398"
]
},
"release_date": "2025-03-02T23:00:00.000+00:00",
"title": "CVE-2025-25724"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…