Unrated severityNVD Advisory· Published Mar 2, 2025· Updated Mar 4, 2025
CVE-2025-25724
CVE-2025-25724
Description
list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
21<=3.7.7+ 1 more
- (no CPE)range: <=3.7.7
- (no CPE)range: 0
- osv-coords19 versionspkg:apk/chainguard/libarchivepkg:apk/chainguard/libarchive-devpkg:apk/chainguard/libarchive-docpkg:apk/chainguard/libarchive-toolspkg:apk/wolfi/libarchivepkg:apk/wolfi/libarchive-devpkg:apk/wolfi/libarchive-docpkg:apk/wolfi/libarchive-toolspkg:rpm/almalinux/bsdtarpkg:rpm/almalinux/libarchivepkg:rpm/almalinux/libarchive-develpkg:rpm/opensuse/libarchive&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/libarchive&distro=openSUSE%20Tumbleweedpkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Micro%205.4pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Micro%206.1
< 3.7.7-r2+ 18 more
- (no CPE)range: < 3.7.7-r2
- (no CPE)range: < 3.7.7-r2
- (no CPE)range: < 3.7.7-r2
- (no CPE)range: < 3.7.7-r2
- (no CPE)range: < 3.7.7-r2
- (no CPE)range: < 3.7.7-r2
- (no CPE)range: < 3.7.7-r2
- (no CPE)range: < 3.7.7-r2
- (no CPE)range: < 3.7.7-3.el10_0
- (no CPE)range: < 3.7.7-3.el10_0
- (no CPE)range: < 3.7.7-3.el10_0
- (no CPE)range: < 3.7.2-150600.3.12.1
- (no CPE)range: < 3.7.7-3.1
- (no CPE)range: < 3.5.1-150400.3.18.1
- (no CPE)range: < 3.5.1-150400.3.18.1
- (no CPE)range: < 3.5.1-150400.3.18.1
- (no CPE)range: < 3.7.2-150600.3.12.1
- (no CPE)range: < 3.7.2-150600.3.12.1
- (no CPE)range: < 3.7.4-slfo.1.1_2.1
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.