bsdtar (AlmaLinux:9) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the AlmaLinux:9 package bsdtar, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (7)
CVE-2022-36227 — CVSS 9.8 (critical): In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if…
CVE-2025-5914 — CVSS 7.8 (high): A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This…
CVE-2026-4111 — CVSS 7.5 (high): A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data()…
CVE-2026-4424 — CVSS 7.5 (high): A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper…
CVE-2026-5121 — CVSS 7.5 (high): A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A…
CVE-2022-26280 — CVSS 6.5 (medium): Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init.
CVE-2025-25724 — CVSS 4.0 (medium): list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service…