CVE-2025-5914

A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.

Weakness

The product calls free() twice on the same memory address.

Affected Software

Name	Vendor	Start Version	End Version
Libarchive	Libarchive	*	3.8.0 (excluding)
Red Hat Enterprise Linux 10	RedHat	libarchive-0:3.7.7-4.el10_0	*
Red Hat Enterprise Linux 7 Extended Lifecycle Support	RedHat	libarchive-0:3.1.2-14.el7_9.1	*
Red Hat Enterprise Linux 8	RedHat	libarchive-0:3.3.3-6.el8_10	*
Red Hat Enterprise Linux 8.2 Advanced Update Support	RedHat	libarchive-0:3.3.2-8.el8_2.1	*
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	RedHat	libarchive-0:3.3.3-1.el8_4.1	*
Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On	RedHat	libarchive-0:3.3.3-1.el8_4.1	*
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support	RedHat	libarchive-0:3.3.3-6.el8_6	*
Red Hat Enterprise Linux 8.6 Telecommunications Update Service	RedHat	libarchive-0:3.3.3-6.el8_6	*
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions	RedHat	libarchive-0:3.3.3-6.el8_6	*
Red Hat Enterprise Linux 8.8 Telecommunications Update Service	RedHat	libarchive-0:3.3.3-5.el8_8.1	*
Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions	RedHat	libarchive-0:3.3.3-5.el8_8.1	*
Red Hat Enterprise Linux 9	RedHat	libarchive-0:3.5.3-6.el9_6	*
Red Hat Enterprise Linux 9	RedHat	libarchive-0:3.5.3-6.el9_6	*
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions	RedHat	libarchive-0:3.5.3-2.el9_0.1	*
Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions	RedHat	libarchive-0:3.5.3-5.el9_2	*
Red Hat Enterprise Linux 9.4 Extended Update Support	RedHat	libarchive-0:3.5.3-4.el9_4.1	*
Red Hat OpenShift Container Platform 4.14	RedHat	rhcos-414.92.202510211419-0	*
Red Hat OpenShift Container Platform 4.17	RedHat	rhcos-417.94.202510112152-0	*
Red Hat OpenShift Container Platform 4.18	RedHat	rhcos-418.94.202510230424-0	*
Red Hat OpenShift Container Platform 4.19	RedHat	rhcos-4.19.9.6.202510140714-0	*
Red Hat OpenShift Container Platform 4.20	RedHat	rhcos-4.20.9.6.202509251656-0	*
Red Hat Web Terminal 1.11 on RHEL 9	RedHat	web-terminal/web-terminal-rhel9-operator:1.11-19	*
Red Hat Web Terminal 1.11 on RHEL 9	RedHat	web-terminal/web-terminal-tooling-rhel9:1.11-8	*
Red Hat Web Terminal 1.12 on RHEL 9	RedHat	web-terminal/web-terminal-tooling-rhel9:1.12-4	*
Cert-manager operator for Red Hat OpenShift 1.16	RedHat	cert-manager/jetstack-cert-manager-rhel9:sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16	*
Compliance Operator 1	RedHat	compliance/openshift-compliance-must-gather-rhel8:sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e	*
Compliance Operator 1	RedHat	compliance/openshift-compliance-openscap-rhel8:sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049	*
Compliance Operator 1	RedHat	compliance/openshift-compliance-rhel8-operator:sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf	*
File Integrity Operator 1	RedHat	compliance/openshift-file-integrity-rhel8-operator:sha256:59fcdf4ea159ba76fdb582011263672646dd9d63304a91592c0a21d0f43986a4	*
Red Hat Discovery 2	RedHat	discovery/discovery-server-rhel9:sha256:c85cfbcaf7888885e57596b7b8bde3894718cfc33326499b24961a66a62cf083	*
Red Hat Insights proxy 1.5	RedHat	insights-proxy/insights-proxy-container-rhel9:sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec	*
Red Hat OpenShift distributed tracing 3.5.2	RedHat	rhosdt/jaeger-agent-rhel8:sha256:6b72262a6a1e4b8acda6be579e26572adf2ff59254530e6e5d3ef17cfa6657f4	*
Red Hat OpenShift distributed tracing 3.5.2	RedHat	rhosdt/jaeger-all-in-one-rhel8:sha256:540ed092ec7c7e8e07927636ccdb04a662a7108c295f793028494c9184bdf85b	*
Red Hat OpenShift distributed tracing 3.5.2	RedHat	rhosdt/jaeger-collector-rhel8:sha256:86d400b195958c287846ae60d76d2ec277740da3d3de033c7e72ab9a42370b4b	*
Red Hat OpenShift distributed tracing 3.5.2	RedHat	rhosdt/jaeger-es-index-cleaner-rhel8:sha256:e17c9de114b6b89e9c66642ab5f95b62321d367b6d22be1464cf89dbc3ead673	*
Red Hat OpenShift distributed tracing 3.5.2	RedHat	rhosdt/jaeger-es-rollover-rhel8:sha256:da510d9c86c877d8f4cdcddfa337b16858dd4e490cc3e85124b2076408499826	*
Red Hat OpenShift distributed tracing 3.5.2	RedHat	rhosdt/jaeger-ingester-rhel8:sha256:25bf841bfc90928c684f6cf07329d5551806503fbb42806fe564f90fdf98d743	*
Red Hat OpenShift distributed tracing 3.5.2	RedHat	rhosdt/jaeger-operator-bundle:sha256:f250e39033d7cb1d786e5a7ec6798c25d4c5d8c6ecbcf6828915605fc4658da5	*
Red Hat OpenShift distributed tracing 3.5.2	RedHat	rhosdt/jaeger-query-rhel8:sha256:9407bf93b2128d5da4a14b2ba8dd48a27b688fbb962b9383e7cb260ab43b6f24	*
Red Hat OpenShift distributed tracing 3.5.2	RedHat	rhosdt/jaeger-rhel8-operator:sha256:bec83c93d089d4ec7a8e00c0b1a94732c0e083ed216978fd1214ef9bea1082dd	*
Red Hat OpenShift sandboxed containers 1.1	RedHat	openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9:sha256:24722900db1425bf0c27f6ad6f3fb7d79ff9ebc433bdab58423fa71bab76122b	*
Red Hat OpenShift sandboxed containers 1.1	RedHat	openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9:sha256:99cc26f9e0e5b0f29cb7f34fe3aa5c974e935fdf21e0f3ad02f1af571113a32c	*
Red Hat OpenShift sandboxed containers 1.1	RedHat	openshift-sandboxed-containers/osc-monitor-rhel9:sha256:f5e1602d72177d77f1b879c76e6f6cfbc2979c136c06ca9f03ea97ffb369b7a6	*
Red Hat OpenShift sandboxed containers 1.1	RedHat	openshift-sandboxed-containers/osc-must-gather-rhel9:sha256:6b2da66d287083cf823f6efd8d61ba6a1be10eb6ba8cda484dea4e2ab67ae108	*
Red Hat OpenShift sandboxed containers 1.1	RedHat	openshift-sandboxed-containers/osc-podvm-builder-rhel9:sha256:8f29671308ca658e32e97d5c3b482f7541aae1bca1b71f39b3276a9a334d8108	*
Red Hat OpenShift sandboxed containers 1.1	RedHat	openshift-sandboxed-containers/osc-podvm-payload-rhel9:sha256:59fb1f7f1653361d94f7d48b42d8fe19ed3263c1c78654837c11f2135544c1ac	*
Red Hat OpenShift sandboxed containers 1.1	RedHat	openshift-sandboxed-containers/osc-rhel9-operator:sha256:616297cf428a55918fad3653d7aca18fe3c1f622ff63ab9885991bd6dbc6ed65	*
Libarchive	Ubuntu	devel	*
Libarchive	Ubuntu	esm-infra-legacy/trusty	*
Libarchive	Ubuntu	esm-infra/bionic	*
Libarchive	Ubuntu	esm-infra/focal	*
Libarchive	Ubuntu	esm-infra/xenial	*
Libarchive	Ubuntu	jammy	*
Libarchive	Ubuntu	noble	*
Libarchive	Ubuntu	oracular	*
Libarchive	Ubuntu	plucky	*
Libarchive	Ubuntu	questing	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-5914
CWE	https://cwe.mitre.org/data/definitions/415.html

Double Free

Weakness

Affected Software

Potential Mitigations

References