CVE Details
Basic Information
| Title | Libarchive: off by one error in build_ustar_entry_name() at archive_write_set_format_pax.c |
|---|---|
| Type | cve |
| Published | 2025-06-09T19:49:13.204Z |
| Last Seen |
Product Information
| Vendor | Red Hat |
|---|---|
| Product | Red Hat Enterprise Linux 10 |
| Version |
CVSS Information
| Base Score | 2.8 (LOW) |
|---|---|
| Attack Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A vulnerability in the libarchive library due to an off-by-one error in the build_ustar_entry_name() function can cause a 1-byte write overflow, potentially leading to memory corruption, crashes, or exploitation in more complex attacks. |
|---|---|
| AI Severity | Medium |
| Vendor | libarchive project |
| Product | libarchive |
| Affected Version |
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-787 |
| Bulletin Family |
References
Description
A vulnerability has been identified in the libarchive library. This flaw involves an ‘off-by-one’ miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation.