CVE-2025-25724

list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.

CVSS v3 4.0 MEDIUM

4.0^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.4 / Impact : 2.5

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92	Third Party Advisory
https://github.com/Ekkosun/pocs/blob/main/bsdtarbug	Exploit
https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752	Product

Configurations

Configuration 1 (hide)

cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-03-02 02:15

Updated : 2025-07-17 15:56

NVD link : CVE-2025-25724

Mitre link : CVE-2025-25724

CVE.ORG link : CVE-2025-25724

JSON object : View

Products Affected

libarchive

libarchive

CWE

CWE-252

Unchecked Return Value

{"id": "CVE-2025-25724", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.0, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 2.5, "exploitabilityScore": 1.4}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2025-03-02T02:15:36.603", "references": [{"url": "https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://github.com/Ekkosun/pocs/blob/main/bsdtarbug", "tags": ["Exploit"], "source": "[email protected]"}, {"url": "https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752", "tags": ["Product"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-252"}]}], "descriptions": [{"lang": "en", "value": "list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale."}, {"lang": "es", "value": "list_item_verbose en tar/util.c en libarchive hasta 3.7.7 no verifica un valor de retorno de strftime, lo que puede provocar una denegaci\u00f3n de servicio u otro impacto no especificado a trav\u00e9s de un archivo TAR manipulado que se lee con un valor verbose de 2. Por ejemplo, el b\u00fafer de 100 bytes puede no ser suficiente para una configuraci\u00f3n regional personalizada."}], "lastModified": "2025-07-17T15:56:36.083", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF70A827-B7CB-4155-8FBC-73D52403367C", "versionEndIncluding": "3.7.7"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}