NewStart CGSL MAIN 7.02 : libarchive Multiple Vulnerabilities (NS-SA-2025-0118)

medium Nessus Plugin ID 242814

Synopsis

The remote NewStart CGSL host is affected by multiple vulnerabilities.

Description

The remote NewStart CGSL host, running version MAIN 7.02, has libarchive packages installed that are affected by multiple vulnerabilities:

- list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale. (CVE-2025-25724)

- A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. (CVE-2025-1632)

- Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories. (CVE-2023-30571)

- Libarchive Remote Code Execution Vulnerability (CVE-2024-26256)

- execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst. (CVE-2024-48957)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
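The strftime return-value check whose absence is described under CVE-2025-25724, as an added example (not libarchive's code or its actual fix). format_mtime and LONG_FMT are hypothetical names, and the over-long format string is constructed to stand in for a locale whose expansion exceeds the 100-byte buffer.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Hypothetical helper, not libarchive code: format t (UTC) into dst.
 * Returns the number of bytes written, or -1 if the result did not fit.
 * strftime returns 0 when the output exceeds dstsz and then leaves the
 * buffer contents indeterminate, so printing dst without this check may
 * read bytes that were never NUL-terminated. */
static int format_mtime(char *dst, size_t dstsz, const char *fmt, time_t t)
{
    struct tm *tm;
    size_t n;

    if (dst == NULL || dstsz == 0 || fmt == NULL)
        return -1;
    dst[0] = '\0';
    tm = gmtime(&t);
    if (tm == NULL)
        return -1;
    n = strftime(dst, dstsz, fmt, tm);
    if (n == 0) {
        /* Did not fit (or produced nothing): reset to a safe empty string. */
        dst[0] = '\0';
        return -1;
    }
    return (int)n;
}

/* Constructed input: 12 x "%Y-%m-%d " expands to 132 bytes, more than 100. */
#define D "%Y-%m-%d "
static const char LONG_FMT[] = D D D D D D D D D D D D;

int main(void)
{
    char tmp[100]; /* same size as the buffer named in the advisory */

    if (format_mtime(tmp, sizeof(tmp), "%Y-%m-%d", (time_t)0) > 0)
        printf("short format: %s\n", tmp);
    if (format_mtime(tmp, sizeof(tmp), LONG_FMT, (time_t)0) < 0)
        printf("long format rejected, buffer is \"%s\"\n", tmp);
    return 0;
}
```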

Solution

Upgrade the vulnerable CGSL libarchive packages. Note that updated packages may not be available yet. Please contact ZTE for more information.

See Also

https://security.gd-linux.com/notice/NS-SA-2025-0118

https://security.gd-linux.com/info/CVE-2023-30571

https://security.gd-linux.com/info/CVE-2024-26256

https://security.gd-linux.com/info/CVE-2024-48957

https://security.gd-linux.com/info/CVE-2024-48958

https://security.gd-linux.com/info/CVE-2025-1632

https://security.gd-linux.com/info/CVE-2025-25724

Plugin Details

Severity: Medium

ID: 242814

File Name: newstart_cgsl_NS-SA-2025-0118_libarchive.nasl

Version: 1.1

Type: local

Published: 7/25/2025

Updated: 7/25/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Low

Base Score: 1.7

Temporal Score: 1.3

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:P

CVSS Score Source: CVE-2025-1632

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2025-25724

CVSS v4

Risk Factor: Medium

Base Score: 4.8

Threat Score: 1.9

Threat Vector: CVSS:4.0/E:P

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Vulnerability Information

CPE: cpe:/o:zte:cgsl_main:7, p-cpe:/a:zte:cgsl_main:libarchive

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/ZTE-CGSL/release, Host/ZTE-CGSL/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/25/2025

Vulnerability Publication Date: 5/29/2023

Reference Information

CVE: CVE-2023-30571, CVE-2024-26256, CVE-2024-48957, CVE-2024-48958, CVE-2025-1632, CVE-2025-25724

IAVA: 2024-A-0834

IAVB: 2024-B-0154-S