Libarchive: libarchive: information disclosure via heap out-of-bounds read in rar archive processing
Summary
| CVE | CVE-2026-4424 |
|---|---|
| State | PUBLISHED |
| Assigner | redhat |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-03-19 15:16:28 UTC |
| Updated | 2026-04-16 20:16:39 UTC |
| Description | A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction. |
Risk And Classification
Primary CVSS: v3.1 7.5 HIGH from [email protected]
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Problem Types: CWE-125 | CWE-125 Out-of-bounds Read
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Secondary | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| 3.1 | CNA | CVSS | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
CVSS v3.1 Breakdown
Attack Vector
NetworkAttack Complexity
LowPrivileges Required
NoneUser Interaction
NoneScope
UnchangedConfidentiality
HighIntegrity
NoneAvailability
NoneCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Red Hat | Red Hat Enterprise Linux 10 | unaffected 0:3.7.7-8.el10_1 * rpm | Not specified |
| CNA | Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support | unaffected 0:3.1.2-14.el7_9.2 * rpm | Not specified |
| CNA | Red Hat | Red Hat Enterprise Linux 8 | unaffected 0:3.3.3-7.el8_10 * rpm | Not specified |
| CNA | Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support | unaffected 0:3.3.2-8.el8_2.2 * rpm | Not specified |
| CNA | Red Hat | Red Hat Enterprise Linux 9 | unaffected 0:3.5.3-9.el9_7 * rpm | Not specified |
| CNA | Red Hat | Red Hat Enterprise Linux 9 | unaffected 0:3.5.3-9.el9_7 * rpm | Not specified |
| CNA | Red Hat | Red Hat Enterprise Linux 6 | Not specified | Not specified |
| CNA | Red Hat | Red Hat Hardened Images | Not specified | Not specified |
| CNA | Red Hat | Red Hat OpenShift Container Platform 4 | Not specified | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| access.redhat.com/errata/RHSA-2026:8534 | [email protected] | access.redhat.com | |
| access.redhat.com/errata/RHSA-2026:8521 | [email protected] | access.redhat.com | |
| access.redhat.com/errata/RHSA-2026:8492 | [email protected] | access.redhat.com | |
| access.redhat.com/errata/RHSA-2026:8510 | [email protected] | access.redhat.com | |
| access.redhat.com/errata/RHSA-2026:8517 | [email protected] | access.redhat.com | |
| access.redhat.com/security/cve/CVE-2026-4424 | [email protected] | access.redhat.com | |
| github.com/libarchive/libarchive/pull/2898 | [email protected] | github.com | |
| bugzilla.redhat.com/show_bug.cgi | [email protected] | bugzilla.redhat.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
CNA: Red Hat would like to thank Elhanan Haenel for reporting this issue. (en)
Additional Advisory Data
| Source | Time | Event |
|---|---|---|
| CNA | 2026-03-19T12:22:21.740Z | Reported to Red Hat. |
| CNA | 2026-03-19T00:00:00.000Z | Made public. |
Workarounds
CNA: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
There are currently no legacy QID mappings associated with this CVE.