It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1022 advisory.

    A vulnerability has been identified in the libarchive library, specifically within the     archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately     lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption,     enabling an attacker to execute arbitrary code or cause a denial-of-service condition. (CVE-2025-5914)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

An update of the libarchive package has been released.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - A vulnerability has been identified in the libarchive library, specifically within the     archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately     lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption,     enabling an attacker to execute arbitrary code or cause a denial-of-service condition. (CVE-2025-5914)

Note that Nessus relies on the presence of the package as reported by the vendor.

The version of libarchive installed on the remote host is prior to 3.1.2-14. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2912 advisory.

    A vulnerability has been identified in the libarchive library, specifically within the     archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately     lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption,     enabling an attacker to execute arbitrary code or cause a denial-of-service condition. (CVE-2025-5914)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02522-1 advisory.

    - CVE-2025-5916, Fixed integer overflow while reading warc files at archive_read_support_format_warc.c     (bsc#1244270)
    - CVE-2025-5914: Fixed double free due to an integer overflow in the archive_read_format_rar_seek_data()     function (bsc#1244272)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 66f35fd9-73f5-11f0-8e0e-002590c1f29c advisory.

    An integer overflow in the archive_read_format_rar_seek_data()             function may lead to a double free problem.
    Exploiting a double free vulnerability can cause memory corruption.
            This in turn could enable a threat actor to execute arbitrary code.
            It might also result in denial of service.

Tenable has extracted the preceding description block directly from the FreeBSD security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Ubuntu 22.04 LTS / 24.04 LTS / 24.10 / 25.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7601-1 advisory.

    It was discovered that libarchive incorrectly handled certain RAR archive files. An attacker could     possibly use this issue to execute arbitrary code or cause a denial of service. (CVE-2025-5914)

    It was discovered that libarchive incorrectly handled certain RAR archive files. An attacker could     possibly use this issue to read sensitive data or cause a denial of service. (CVE-2025-5915)

    It was discovered that libarchive incorrectly handled certain WARC archive files. If a user or automated     system were tricked into processing a specially crafted WARC archive, an attacker could use this issue to     cause libarchive to crash, resulting in a denial of service. (CVE-2025-5916)

    It was discovered that libarchive incorrectly handled certain file names when handling prefixes and     suffixes. An attacker could possibly use this issue to cause libarchive to crash, resulting in a denial of     service. (CVE-2025-5917)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02566-1 advisory.

    - CVE-2025-5914: Fixed double free due to an integer overflow in the archive_read_format_rar_seek_data()     function (bsc#1244272)
    - CVE-2025-5915: Fixed heap buffer over read in copy_from_lzss_window() at     archive_read_support_format_rar.c (bsc#1244273)
    - CVE-2025-5916: Fixed integer overflow while reading warc files at archive_read_support_format_warc.c     (bsc#1244270)
    - CVE-2025-5917: Fixed off by one error in build_ustar_entry_name() at archive_write_set_format_pax.c     (bsc#1244336)
    - CVE-2025-5918: Fixed reading past EOF may be triggered for piped file streams (bsc#1244279)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
240326	Amazon Linux 2023 : bsdcat, bsdcpio, bsdtar (ALAS2023-2025-1022)	Nessus	Amazon Linux Local Security Checks	6/23/2025	6/23/2025	critical
241154	Photon OS 5.0: Libarchive PHSA-2025-5.0-0545	Nessus	PhotonOS Local Security Checks	7/2/2025	8/1/2025	critical
248700	Linux Distros Unpatched Vulnerability : CVE-2025-5914	Nessus	Misc.	8/12/2025	8/12/2025	critical
241383	Photon OS 4.0: Libarchive PHSA-2025-4.0-0829	Nessus	PhotonOS Local Security Checks	7/5/2025	8/1/2025	critical
241767	Amazon Linux 2 : libarchive (ALAS-2025-2912)	Nessus	Amazon Linux Local Security Checks	7/10/2025	8/1/2025	critical
242870	SUSE SLES12 Security Update : libarchive (SUSE-SU-2025:02522-1)	Nessus	SuSE Local Security Checks	7/26/2025	8/1/2025	critical
246415	FreeBSD : FreeBSD -- Integer overflow in libarchive leading to double free (66f35fd9-73f5-11f0-8e0e-002590c1f29c)	Nessus	FreeBSD Local Security Checks	8/8/2025	8/8/2025	critical
241063	Ubuntu 22.04 LTS / 24.04 LTS / 24.10 / 25.04 : libarchive vulnerabilities (USN-7601-1)	Nessus	Ubuntu Local Security Checks	7/1/2025	8/1/2025	critical
243270	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libarchive (SUSE-SU-2025:02566-1)	Nessus	SuSE Local Security Checks	8/1/2025	8/1/2025	critical

Detections

Analytics

Plugins Search

critical

critical

critical

critical

critical

critical

critical

critical

critical