Description

A flaw was found in libarchive. A NULL pointer dereference vulnerability exists in the ACL parsing logic, specifically within the archive_acl_from_text_nl() function. When processing a malformed ACL string (such as a bare "d" or "default" tag without subsequent fields), the function fails to perform adequate validation before advancing the pointer. An attacker can exploit this by providing a maliciously crafted archive, causing an application utilizing the libarchive API (such as bsdtar) to crash, resulting in a Denial of Service (DoS).

INFO

Published Date :

2026-04-07T14:57:31.587Z

Last Modified :

2026-05-03T14:15:32.657Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2026-5745 vulnerability.

Vendors Products
Libarchive
  • Libarchive
Redhat
  • Enterprise Linux
  • Hardened Images
  • Hummingbird
  • Openshift
  • Openshift Container Platform
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-5745.

URL Resource
https://access.redhat.com/errata/RHSA-2026:8944 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2026-5745 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2455921 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-5745 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-5745 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact