CVE-2024-48615
Published: 28 March 2025
Summary
CVE-2024-48615 is a high-severity NULL Pointer Dereference (CWE-476) vulnerability in libarchive. Its CVSS base score is 7.5 (High).
Operationally, exploitation maps to the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 48.1st percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a referenced public proof-of-concept.
The strongest mitigations our analysis identified are NIST 800-53 SI-11 (Error Handling) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly requires identification, prioritization, and timely remediation of software flaws such as this null pointer dereference in libarchive, which closes the DoS path via malformed TAR inputs.
- SI-11 (Error Handling): mandates proper error and exception handling so that a null pointer dereference in a parsing routine such as header_pax_extension ends in a rejected archive rather than an application crash or DoS condition.
- SI-10 (Information Input Validation): requires validation of inputs to archive-processing tools such as bsdtar so that malformed PAX headers are detected and rejected before they reach the code path that dereferences the null pointer.
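A practical form of the SI-2 check above is to confirm whether the installed libarchive build sits in the affected range. The script below is an added example, not part of this advisory or of the libarchive project; it parses the first line of `bsdtar --version` and compares the reported libarchive version against 3.7.7, which it assumes to be the first release outside the "3.7.6 and earlier" range stated by NVD. The sample `bsdtar --version` line in the comments is constructed, and `sort -V` is required.

```shell
#!/bin/sh
# Added example (not from the advisory or libarchive): is this bsdtar/libarchive
# build inside the affected range "3.7.6 and earlier" of CVE-2024-48615?
# Assumption: the first release outside the range is 3.7.7.
FIXED_VERSION="3.7.7"

# Pull the libarchive version out of a `bsdtar --version` line, e.g. the
# constructed sample "bsdtar 3.7.4 - libarchive 3.7.4 zlib/1.3 liblzma/5.4.5".
# Prints nothing when no "libarchive X.Y.Z" token is present.
parse_libarchive_version() {
    printf '%s\n' "$1" | sed -n 's/.*libarchive \([0-9][0-9.]*\).*/\1/p'
}

# Return 0 if the given dotted version is affected (< 3.7.7), 1 if not,
# 2 if the argument is not a dotted version at all.
libarchive_vulnerable() {
    ver="$1"
    case "$ver" in
        ''|*[!0-9.]*) echo "bad version string: '$ver'" >&2; return 2 ;;
    esac
    # sort -V orders versions numerically; the first line is the lowest.
    lowest=$(printf '%s\n%s\n' "$ver" "$FIXED_VERSION" | sort -V | head -n 1)
    if [ "$lowest" = "$ver" ] && [ "$ver" != "$FIXED_VERSION" ]; then
        return 0
    fi
    return 1
}

# Live check for the host this runs on; does nothing if bsdtar is absent.
check_installed_bsdtar() {
    if ! command -v bsdtar >/dev/null 2>&1; then
        echo "bsdtar not found; nothing to check"
        return 0
    fi
    ver=$(parse_libarchive_version "$(bsdtar --version 2>/dev/null | head -n 1)")
    if libarchive_vulnerable "$ver"; then
        echo "libarchive $ver is in the affected range (<= 3.7.6): update it"
        return 1
    fi
    echo "libarchive $ver is not in the affected range"
}

# Call check_installed_bsdtar on a host to test the build actually installed.
```

Note that the version reported by bsdtar is the libarchive it was linked against; applications that bundle their own copy of libarchive (or load it dynamically) need to be checked separately.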
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A null pointer dereference in libarchive's tar reader makes bsdtar crash (segmentation fault) while extracting a crafted TAR archive, so an attacker who can get such an archive processed achieves an endpoint denial of service through application exploitation.
NVD Description
Null Pointer Dereference vulnerability in libarchive 3.7.6 and earlier when running program bsdtar in function header_pax_extension at archive_read_support_format_tar.c:1844:8.
Deeper analysis
CVE-2024-48615 is a Null Pointer Dereference vulnerability (CWE-476) in libarchive versions 3.7.6 and earlier. The flaw is reached when bsdtar parses a crafted archive: NVD locates it in the header_pax_extension function at archive_read_support_format_tar.c:1844:8, that is, in the PAX extended-header handling of the tar reader.
The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H): low attack complexity, no privileges, no user interaction, and a high availability impact with no confidentiality or integrity impact. The network attack vector means the malformed archive can arrive remotely, but the process that crashes is whichever program hands the archive to libarchive, so real exposure depends on services and tools that unpack untrusted archives (upload handlers, mail or content scanners, build pipelines, or bsdtar itself on a user's machine). The outcome is a crash of that process, not code execution.
The references point to a GitHub crash-test repository that demonstrates the issue and to the libarchive 3.7.6 source release tarball; the provided information details no vendor advisory or patch, and the stated affected range ends at 3.7.6.
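To make the CWE-476 shape concrete, the following is an added example and not libarchive's code: a small, bounds-checked reader for PAX extended-header records of the form "LEN KEY=VALUE\n" (the record grammar defined by POSIX pax and handled by header_pax_extension in the real tar reader). It does not reproduce the actual defect at archive_read_support_format_tar.c:1844; it shows the lookups in such a parser that can return NULL or run out of buffer, and checks each one before use, so a record with no '=', a length larger than the block, or a missing newline is rejected instead of dereferenced. The sample headers in main() and the function names are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Illustrative PAX extended-header record parser (added example; not
 * libarchive's code). Each record is "%d %s=%s\n": a decimal length that
 * covers the whole record including the length field and the newline, a
 * space, a key, '=', a value, and the trailing newline. Values may contain
 * arbitrary bytes, so the buffer is handled as binary, never as a C string.
 */
typedef struct {
    const char *key;
    size_t key_len;
    const char *value;
    size_t value_len;
} pax_record;

/*
 * Parse one record at p (len bytes available). Returns the record length on
 * success, 0 on malformed input. Every lookup that can fail (NULL buffer,
 * bounds, memchr) is checked before its result is used; dereferencing an
 * unchecked strchr()/memchr() result here is exactly the CWE-476 pattern.
 */
size_t pax_parse_record(const char *p, size_t len, pax_record *out)
{
    size_t i = 0, reclen = 0;

    if (p == NULL || out == NULL || len == 0)
        return 0;

    /* decimal length field, with overflow guard */
    while (i < len && p[i] >= '0' && p[i] <= '9') {
        if (reclen > (SIZE_MAX - 9) / 10)
            return 0;
        reclen = reclen * 10 + (size_t)(p[i] - '0');
        i++;
    }
    if (i == 0 || i >= len || p[i] != ' ')
        return 0;

    /* the declared length must fit the buffer and end with '\n' */
    if (reclen > len || reclen < i + 2 || p[reclen - 1] != '\n')
        return 0;

    {
        const char *key = p + i + 1;
        size_t body_len = reclen - 1 - (i + 1);    /* "key=value", no newline */
        const char *eq = memchr(key, '=', body_len); /* memchr: body may hold NUL */

        if (eq == NULL)     /* e.g. "13 patha/b/c\n": no '=' at all */
            return 0;
        if (eq == key)      /* empty key */
            return 0;

        out->key = key;
        out->key_len = (size_t)(eq - key);
        out->value = eq + 1;
        out->value_len = body_len - out->key_len - 1;
    }
    return reclen;
}

/* Count the records in an extended header; -1 if any record is malformed.
 * A leading '\0' marks the zero padding at the end of the 512-byte block. */
int pax_count_records(const char *buf, size_t len)
{
    size_t off = 0;
    int n = 0;

    if (buf == NULL)
        return -1;
    while (off < len && buf[off] != '\0') {
        pax_record r;
        size_t used = pax_parse_record(buf + off, len - off, &r);
        if (used == 0)
            return -1;
        off += used;
        n++;
    }
    return n;
}

/* Look up `key`; returns 1 (found, *out filled if out != NULL), 0 (absent)
 * or -1 (malformed header). */
int pax_find(const char *buf, size_t len, const char *key, pax_record *out)
{
    size_t off = 0, klen;

    if (buf == NULL || key == NULL)
        return -1;
    klen = strlen(key);
    while (off < len && buf[off] != '\0') {
        pax_record r;
        size_t used = pax_parse_record(buf + off, len - off, &r);
        if (used == 0)
            return -1;
        if (r.key_len == klen && memcmp(r.key, key, klen) == 0) {
            if (out != NULL)
                *out = r;
            return 1;
        }
        off += used;
    }
    return 0;
}

int main(void)
{
    /* constructed samples: a well-formed header followed by block padding,
     * and a record whose '=' is missing (must be rejected, never crash) */
    static const char good[] = "12 path=a/b\n22 mtime=1700000000.5\n\0\0";
    static const char bad[] = "13 patha/b/c\n";
    pax_record r;

    printf("good: %d records\n", pax_count_records(good, sizeof good - 1));
    if (pax_find(good, sizeof good - 1, "mtime", &r) == 1)
        printf("mtime = %.*s\n", (int)r.value_len, r.value);
    printf("bad: %d\n", pax_count_records(bad, sizeof bad - 1));
    return 0;
}
```

The design point is that the parser never trusts the length field or the presence of '=' and '\n': each is validated against the bytes actually available, and a failed memchr() is a parse error rather than a pointer to dereference. That is the property SI-10 and SI-11 ask for in the controls above, whichever parser implements it.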
Details
- CWE(s)