CVE-2026-5121

{"id": "CVE-2026-5121", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2026-03-30T08:16:18.780", "references": [{"url": "https://access.redhat.com/errata/RHSA-2026:10065", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:10097", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:11768", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:12071", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:12274", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:13812", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:14773", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:14937", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:15087", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:16008", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:16009", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:16030", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:16174", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:17596", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:19724", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:19725", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:20040", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:21690", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:25096", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:8510", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:8517", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:8521", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:8534", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:8864", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:8866", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:8867", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:8873", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:8908", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:8944", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:9026", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:9592", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:9832", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2026-5121", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452945", "source": "secalert@redhat.com"}, {"url": "https://github.com/advisories/GHSA-2vwv-vqpv-v8vc", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://github.com/libarchive/libarchive/pull/2934", "tags": ["Issue Tracking", "Patch"], "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-190"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-190"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for arbitrary code execution on the affected system."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo en libarchive. En sistemas de 32 bits, existe una vulnerabilidad de desbordamiento de entero en la l\u00f3gica de asignaci\u00f3n de punteros de bloque zisofs. Un atacante remoto puede explotar esto al proporcionar una imagen ISO9660 especialmente dise\u00f1ada, lo que puede llevar a un desbordamiento de b\u00fafer de pila. Esto podr\u00eda permitir potencialmente la ejecuci\u00f3n de c\u00f3digo arbitrario en el sistema afectado."}], "lastModified": "2026-06-10T18:17:13.767", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:libarchive:libarchive:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A51945D-40D7-4C28-B0BB-774687265DCE"}, {"criteria": "cpe:2.3:a:redhat:hardened_images:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87DEB507-5B64-47D7-9A50-3B87FD1E571F"}, {"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "932D137F-528B-4526-9A89-CD59FA1AB0FE"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}