Is CVE-2016-5418 actively exploited?

CVE-2016-5418 has no public evidence of in-the-wild exploitation as of 2025-04-12.

What is the CVSS score for CVE-2016-5418?

CVE-2016-5418 has a CVSS score of 7.5 (HIGH severity). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N.

How do I patch CVE-2016-5418?

Patch guidance is available from redhat security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2016-5418.

Fix CVE-2016-5418 - HIGH redhat enterprise linux desktop

Q: Which products are affected by CVE-2016-5418?

16 products: redhat enterprise linux desktop, redhat enterprise linux hpc node, redhat enterprise linux server, redhat enterprise linux workstation, oracle linux, and 11 more.

Description

The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.

CVSS Metrics

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: none
Integrity: high
Availability: none
Weaknesses: CWE-19 CWE-20 · Improper Input Validation

Metadata

Primary Vendor: REDHAT
Published: 9/21/2016
Last Modified: 4/12/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

redhat : enterprise_linux_desktopredhat : enterprise_linux_hpc_noderedhat : enterprise_linux_serverredhat : enterprise_linux_workstationoracle : linuxoracle : linuxredhat : openshiftredhat : openshiftlibarchive : libarchiveredhat : enterprise_linux_desktopredhat : enterprise_linux_hpc_noderedhat : enterprise_linux_hpc_node_eusredhat : enterprise_linux_serverredhat : enterprise_linux_server_ausredhat : enterprise_linux_server_eusredhat : enterprise_linux_workstation

Remediation Guidance

Executive Summary

View on NIST NVD