CVE-2026-5745: NULL Pointer Dereference in Libarchive

Severity
5.5 MEDIUM (NVD)
EPSS
0.0%
top 95.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Apr 7

Description

A flaw was found in libarchive. A NULL pointer dereference vulnerability exists in the ACL parsing logic, specifically within the archive_acl_from_text_nl() function. When processing a malformed ACL string (such as a bare "d" or "default" tag without subsequent fields), the function fails to perform adequate validation before advancing the pointer. An attacker can exploit this by providing a maliciously crafted archive, causing an application utilizing the libarchive API (such as bsdtar) to cras

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (2 packages)

Linux | linux/linux_kernel | 6.18.0 | 6.18.6

🔴 Vulnerability Details (3)

OSV
CVE-2026-5745: A flaw was found in libarchive (2026-04-07)
GHSA
GHSA-fjqv-vj6q-4fcm: A flaw was found in libarchive (2026-04-07)
OSV
wifi: mac80211_hwsim: fix typo in frequency notification (2026-02-04)

📋 Vendor Advisories (3)

Red Hat
libarchive: A NULL pointer dereference vulnerability exists in the ACL parser of libarchive (2026-04-07)
Red Hat
kernel: wifi: mac80211_hwsim: fix typo in frequency notification (2026-02-04)
Debian
CVE-2026-5745: libarchive - A flaw was found in libarchive. A NULL pointer dereference vulnerability exists ... (2026)

🕵️ Threat Intelligence (1)

Wiz
CVE-2026-5745 Impact, Exploitability, and Mitigation Steps | Wiz

💬 Community (1)

Bugzilla
CVE-2026-5745 libarchive: A NULL pointer dereference vulnerability exists in the ACL parser of libarchive (2026-04-07)