Libarchive Out-of-Bounds Read Vulnerability in Piped File Streams

Vulnerability

A vulnerability in the libarchive library prior to version 3.8.0 allows an out-of-bounds read when a file stream is piped into bsdtar. The read runs past the end of the input, which can cause unpredictable program behavior, memory corruption, or a denial-of-service condition.

Impact

Exploitation of this vulnerability can cause memory corruption or a denial-of-service condition by disrupting normal program execution.

Reproduction

The vulnerability can be reproduced by piping an archive file that triggers the issue into the bsdtar command. For example, using the 'cat' command to send a RAR file containing a specific test case (test_read_format_rar_ppmd_use_after_free.rar) into bsdtar demonstrates the vulnerability. The 'bsdtar' command processes the file, but its error messages report a truncated input, showing that the tool read past the end of the file.

Remediation

Users can upgrade to libarchive version 3.8.0 or later, where this vulnerability has been fixed.

Added: Jun 9, 2025, 8:17 PM
Updated: Jun 9, 2025, 8:17 PM

Vulnerability Rating

Custom Algorithm
spread: 6.6
impact: 2.5
exploitability: 5.0
remediation: 7.7
relevance: 0.2
threat: 1.6
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.