IM
IronMonkey Threat Research

CVE-2026-5121 CRITICAL

Published: 2026-03-30 | Last Modified: 2026-07-14 | Status: Modified

Description

A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for arbitrary code execution on the affected system.

Additional Descriptions (1)

Se encontró un fallo en libarchive. En sistemas de 32 bits, existe una vulnerabilidad de desbordamiento de entero en la lógica de asignación de punteros de bloque zisofs. Un atacante remoto puede explotar esto al proporcionar una imagen ISO9660 especialmente diseñada, lo que puede llevar a un desbordamiento de búfer de pila. Esto podría permitir potencialmente la ejecución de código arbitrario en el sistema afectado.

CVSS Metrics

Base Score: 7.5 (HIGH)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack VectorNETWORK
Attack ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactHIGH
Integrity ImpactNONE
Availability ImpactNONE

Source: [email protected]

Type: Secondary

Exploitability Score: 3.9

Impact Score: 3.6

Weaknesses

Source Type Description
[email protected] Secondary
en CWE-190
134c704f-9b21-4f2e-91b3-4a467353bcc0 Secondary
en CWE-190

Affected Products

Vendor Product Version Update Type
libarchive libarchive - <built-in method update of dict object at 0x702bdd2d49c0> Application
redhat hardened_images - <built-in method update of dict object at 0x702bcbd3a500> Application
redhat openshift_container_platform 4.0 <built-in method update of dict object at 0x702bdc3734c0> Application
redhat enterprise_linux 6.0 <built-in method update of dict object at 0x702bdd2d7e00> Operating System
redhat enterprise_linux 7.0 <built-in method update of dict object at 0x702bdd2d6280> Operating System
redhat enterprise_linux 8.0 <built-in method update of dict object at 0x702bfc3c7640> Operating System
redhat enterprise_linux 9.0 <built-in method update of dict object at 0x702bcc7603c0> Operating System
redhat enterprise_linux 10.0 <built-in method update of dict object at 0x702bdd2d7680> Operating System

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:libarchive:libarchive:-:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:hardened_images:-:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*

References

Notification
Message here