libarchive: Buffer Overflow vulnerability in libarchive

A flaw was found in the libarchive package. Affected versions of libarchive do not check a strftime return value, which can lead to a denial of service or unspecified other impacts via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be...

EulerOS Virtualization 2.13.1 : libarchive (EulerOS-SA-2026-2133)

According to the versions of the libarchive package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An issue was discovered in libarchive bsdtar before version 3.8.1 in function applysubstitution in file tar/subst.c when...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: libarchive (UTSA-2026-021482)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021482 advisory. A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can explo...

ROS-20260507-73-0014

Vulnerability in libarchive related to execution of a loop with an unreachable exit condition. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

Important: Red Hat Security Advisory: updated RHEL-8 based Middleware Containers container images

Updated RHEL-8 based Middleware Containers container images are now available The RHEL-8 based Middleware Containers container images have been updated to address the following security advisory: RHSA-2026:11077 RHSA-2026:7667 RHSA-2026:8534 RHSA-2026:9745 see References Security Fixes: rsync:...

RHCOS 3 : Red Hat OpenShift Enterprise 3.2 (RHSA-2016:1853)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:1853 advisory. - libarchive: Archive Entry with type 1 hardlink, but has a non-zero data size file overwrite CVE-2016-5418 Note that Nessus has not tested f...

Amazon Linux 2 : libarchive, --advisory ALAS2-2026-3257 (ALAS-2026-3257)

The version of libarchive installed on the remote host is prior to 3.1.2-14. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3257 advisory. A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer...

RockyLinux 8 : libarchive (RLSA-2026:8534)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:8534 advisory. libarchive: libarchive: Information disclosure via heap out-of-bounds read in RAR archive processing CVE-2026-4424 libarchive: libarchive: Arbitrary code...

libarchive: libarchive: Information disclosure via heap out-of-bounds read in RAR archive processing

A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR...

Oracle Linux 10 : libarchive (ELSA-2026-8492)

The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-8492 advisory. - Resolves: CVE-2026-4424 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not test...

RHEL 9 : libarchive (RHSA-2026:8510)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:8510 advisory. The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660...

RHEL 7 : libarchive (RHSA-2026:8517)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:8517 advisory. The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660...

Security Bulletin: Vulnerability in libarchive affects IBM Netezza Appliance

Summary The libarchive package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-60753 Vulnerability Details CVEID:CVE-2025-60753 DESCRIPTION: An issue was discovered in libarchive bsdtar before version 3.8.1 in function applysubstitution in file...

RHEL 9 : libarchive (RHSA-2026:7105)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:7105 advisory. The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM...

RHEL 9 : libarchive (RHSA-2026:7106)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:7106 advisory. The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the archiveaclfromtextnl function. An attacker can cause applications to crash by supplying a specially crafted archive containing a malformed ACL string. Remediation There is no fixed version for libarchive...

RHEL 9 : libarchive (RHSA-2026:6647)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:6647 advisory. The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM...

libarchive 安全漏洞

Libarchive is an open-source multi-format archive and compression library developed by Libarchive. There is a security vulnerability in Libarchive, which stems from undefined behavior in the zisofs decompression logic. The improper validation of the pzlog2bs field read from the ISO9660 Rock Ridge...

Oracle Linux 9 : libarchive (ELSA-2026-5080)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-5080 advisory. 3.5.3-7 - Resolves: CVE-2026-4111 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has n...

EulerOS 2.0 SP10 : libarchive (EulerOS-SA-2026-1340)

According to the versions of the libarchive package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An issue was discovered in libarchive bsdtar before version 3.8.1 in function applysubstitution in file tar/subst.c when processing crafted -s...