292 matches found
libarchive: Buffer Overflow vulnerability in libarchive
A flaw was found in the libarchive package. Affected versions of libarchive do not check a strftime return value, which can lead to a denial of service or unspecified other impacts via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be...
EulerOS Virtualization 2.13.1 : libarchive (EulerOS-SA-2026-2133)
According to the versions of the libarchive package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when...
Astra Linux - vulnerability in libarchive
A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are passed into bsdtar, potentially allowing for reading beyond the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior,...
Astra Linux - vulnerability in libarchive
A vulnerability was discovered in libarchive up to version 3.7.7. It has been classified as problematic. This issue affects the function list of the bsdunzip.c file. The vulnerability leads to a null pointer dereference. The attack can be launched on the local host. The exploit has been disclosed...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: libarchive (UTSA-2026-021482)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021482 advisory. A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can explo...
ROS-20260507-73-0014
Vulnerability in libarchive related to execution of a loop with an unreachable exit condition. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
Important: Red Hat Security Advisory: updated RHEL-8 based Middleware Containers container images
Updated RHEL-8 based Middleware Containers container images are now available. The RHEL-8 based Middleware Containers container images have been updated to address the following security advisory: RHSA-2026:11077 RHSA-2026:7667 RHSA-2026:8534 RHSA-2026:9745 (see References). Security Fixes: rsync:...
RHCOS 3 : Red Hat OpenShift Enterprise 3.2 (RHSA-2016:1853)
The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:1853 advisory. - libarchive: Archive Entry with type 1 hardlink, but has a non-zero data size file overwrite CVE-2016-5418 Note that Nessus has not tested f...
Amazon Linux 2 : libarchive, --advisory ALAS2-2026-3257 (ALAS-2026-3257)
The version of libarchive installed on the remote host is prior to 3.1.2-14. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3257 advisory. A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer...
RockyLinux 8 : libarchive (RLSA-2026:8534)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:8534 advisory. libarchive: libarchive: Information disclosure via heap out-of-bounds read in RAR archive processing CVE-2026-4424 libarchive: libarchive: Arbitrary code...
libarchive: libarchive: Information disclosure via heap out-of-bounds read in RAR archive processing
A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR...
Oracle Linux 10 : libarchive (ELSA-2026-8492)
The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-8492 advisory. - Resolves: CVE-2026-4424 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not test...
RHEL 9 : libarchive (RHSA-2026:8510)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:8510 advisory. The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660...
RHEL 7 : libarchive (RHSA-2026:8517)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:8517 advisory. The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660...
Security Bulletin: Vulnerability in libarchive affects IBM Netezza Appliance
Summary: The libarchive package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVE, CVE-2025-60753. Vulnerability Details: CVEID: CVE-2025-60753 DESCRIPTION: An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file...
RHEL 9 : libarchive (RHSA-2026:7105)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:7105 advisory. The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM...
RHEL 9 : libarchive (RHSA-2026:7106)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:7106 advisory. The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM...
NULL Pointer Dereference
Overview: Affected versions of this package are vulnerable to NULL Pointer Dereference via the archive_acl_from_text_nl function. An attacker can cause applications to crash by supplying a specially crafted archive containing a malformed ACL string. Remediation: There is no fixed version for libarchive...
RHEL 9 : libarchive (RHSA-2026:6647)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:6647 advisory. The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM...
libarchive security vulnerability
Libarchive is an open-source multi-format archive and compression library developed by Libarchive. There is a security vulnerability in Libarchive, which stems from undefined behavior in the zisofs decompression logic. The improper validation of the pz_log2_bs field read from the ISO9660 Rock Ridge...