FKIE_CVE-2026-4111

Vulnerability from fkie_nvd - Published: 2026-03-13 19:55 - Updated: 2026-05-20 17:16
Summary
A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.
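The summary's last two sentences are the practical problem: the crafted archive passes checksum validation, so a service cannot reject it up front, and the only defence short of updating libarchive is to stop a wedged archive_read_data() loop from pinning the worker forever. The block below is an added example, not code from libarchive, Red Hat, or this advisory. It runs the untrusted decompression step in a forked child under a hard RLIMIT_CPU budget plus a wall-clock alarm, then classifies how the child ended. The two decoder functions are constructed stand-ins for "archive processed" and "archive stuck in the infinite loop"; they do not call libarchive, and the `run_decoder_sandboxed`, `decoder_fn` and `decode_result` names are assumptions of this example.

```c
#define _DEFAULT_SOURCE
#include <signal.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* How the sandboxed decoder run ended. */
enum decode_result {
    DECODE_OK = 0,         /* child exited 0: archive processed */
    DECODE_FAILED,         /* child exited non-zero: decoder reported an error */
    DECODE_CPU_EXCEEDED,   /* child hit its CPU-time budget (SIGXCPU/SIGKILL) */
    DECODE_WALL_TIMEOUT,   /* child hit its wall-clock budget (SIGALRM) */
    DECODE_KILLED_OTHER,   /* child died from some other signal */
    DECODE_SPAWN_ERROR     /* fork()/waitpid() failed */
};

/* Signature of the untrusted step (hypothetical). In a real service this
 * would wrap the archive_read_data() loop over an archive opened with
 * libarchive; here it is whatever the caller passes in. */
typedef int (*decoder_fn)(void *ctx);

/* Run fn(ctx) in a forked child under a hard CPU-time budget and a
 * wall-clock budget, then classify how the child ended. */
enum decode_result run_decoder_sandboxed(decoder_fn fn, void *ctx,
                                         unsigned cpu_seconds,
                                         unsigned wall_seconds)
{
    pid_t pid = fork();
    if (pid < 0)
        return DECODE_SPAWN_ERROR;

    if (pid == 0) {
        /* Child. Soft limit: the kernel sends SIGXCPU once cpu_seconds of CPU
         * time have been consumed; its default action terminates us. Hard
         * limit one second higher: SIGKILL as a backstop if SIGXCPU is ever
         * ignored. Never raise the hard limit above what we inherited. */
        struct rlimit rl;
        if (getrlimit(RLIMIT_CPU, &rl) != 0)
            _exit(127);
        if (rl.rlim_max == RLIM_INFINITY || rl.rlim_max > (rlim_t)cpu_seconds + 1)
            rl.rlim_max = (rlim_t)cpu_seconds + 1;
        rl.rlim_cur = (rlim_t)cpu_seconds < rl.rlim_max ? (rlim_t)cpu_seconds
                                                        : rl.rlim_max;
        if (setrlimit(RLIMIT_CPU, &rl) != 0)
            _exit(127);
        /* RLIMIT_CPU only counts CPU time; a decoder blocked on I/O would not
         * trip it, so add a wall-clock alarm too (SIGALRM also terminates). */
        alarm(wall_seconds);
        _exit(fn(ctx) == 0 ? 0 : 1);
    }

    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return DECODE_SPAWN_ERROR;
    if (WIFEXITED(status))
        return WEXITSTATUS(status) == 0 ? DECODE_OK : DECODE_FAILED;
    if (WIFSIGNALED(status)) {
        switch (WTERMSIG(status)) {
        case SIGXCPU:
        case SIGKILL: return DECODE_CPU_EXCEEDED;
        case SIGALRM: return DECODE_WALL_TIMEOUT;
        default:      return DECODE_KILLED_OTHER;
        }
    }
    return DECODE_KILLED_OTHER;
}

/* Constructed stand-in for a well-formed archive: the decoder returns. */
int decoder_well_formed(void *ctx)
{
    (void)ctx;
    return 0;
}

/* Constructed stand-in for the crafted RAR5 case: the decompression loop
 * never makes progress and burns CPU. volatile keeps the loop from being
 * optimised away. */
int decoder_stuck(void *ctx)
{
    (void)ctx;
    volatile unsigned long spin = 0;
    for (;;)
        spin++;
}

int main(void)
{
    static const char *const names[] = {
        "ok", "failed", "cpu budget exceeded", "wall-clock timeout",
        "killed by other signal", "spawn error"
    };
    printf("well-formed archive: %s\n",
           names[run_decoder_sandboxed(decoder_well_formed, NULL, 1, 30)]);
    printf("crafted archive:     %s\n",
           names[run_decoder_sandboxed(decoder_stuck, NULL, 1, 30)]);
    return 0;
}
```

Compile with a POSIX C compiler and run; the stuck decoder is reported as "cpu budget exceeded" after about one second of CPU time instead of hanging the process. This is defence in depth for services that accept archives from untrusted sources, not a substitute for the fix in libarchive pull request #2877 or the Red Hat errata listed below: a CPU budget bounds the damage of one crafted archive, but every such archive still costs the budget, so a per-source rate limit belongs alongside it.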
References
Source Link
secalert@redhat.com  https://access.redhat.com/errata/RHSA-2026:10065
secalert@redhat.com  https://access.redhat.com/errata/RHSA-2026:10081
secalert@redhat.com  https://access.redhat.com/errata/RHSA-2026:10097
secalert@redhat.com  https://access.redhat.com/errata/RHSA-2026:14773
secalert@redhat.com  https://access.redhat.com/errata/RHSA-2026:15087
secalert@redhat.com  https://access.redhat.com/errata/RHSA-2026:16008
secalert@redhat.com  https://access.redhat.com/errata/RHSA-2026:16009
secalert@redhat.com  https://access.redhat.com/errata/RHSA-2026:16174
secalert@redhat.com  https://access.redhat.com/errata/RHSA-2026:17596
secalert@redhat.com  https://access.redhat.com/errata/RHSA-2026:5063
secalert@redhat.com  https://access.redhat.com/errata/RHSA-2026:5080
secalert@redhat.com  https://access.redhat.com/errata/RHSA-2026:6647
secalert@redhat.com  https://access.redhat.com/errata/RHSA-2026:7093
secalert@redhat.com  https://access.redhat.com/errata/RHSA-2026:7105
secalert@redhat.com  https://access.redhat.com/errata/RHSA-2026:7106
secalert@redhat.com  https://access.redhat.com/errata/RHSA-2026:7239
secalert@redhat.com  https://access.redhat.com/errata/RHSA-2026:7329
secalert@redhat.com  https://access.redhat.com/errata/RHSA-2026:7335
secalert@redhat.com  https://access.redhat.com/errata/RHSA-2026:8423
secalert@redhat.com  https://access.redhat.com/errata/RHSA-2026:8746
secalert@redhat.com  https://access.redhat.com/errata/RHSA-2026:8747
secalert@redhat.com  https://access.redhat.com/errata/RHSA-2026:8748
secalert@redhat.com  https://access.redhat.com/errata/RHSA-2026:8865
secalert@redhat.com  https://access.redhat.com/errata/RHSA-2026:8944
secalert@redhat.com  https://access.redhat.com/errata/RHSA-2026:9832
secalert@redhat.com  https://access.redhat.com/security/cve/CVE-2026-4111
secalert@redhat.com  https://bugzilla.redhat.com/show_bug.cgi?id=2446453
secalert@redhat.com  https://github.com/libarchive/libarchive/pull/2877
Impacted products
Vendor Product Version

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives."
    },
    {
      "lang": "es",
      "value": "Se identific\u00f3 una vulnerabilidad en la l\u00f3gica de descompresi\u00f3n de archivos RAR5 de la biblioteca libarchive, espec\u00edficamente dentro de la ruta de procesamiento de archive_read_data(). Cuando se procesa un archivo RAR5 especialmente manipulado, la rutina de descompresi\u00f3n puede entrar en un estado en el que la l\u00f3gica interna impide el avance. Esta condici\u00f3n resulta en un bucle infinito que consume continuamente recursos de CPU. Debido a que el archivo pasa la validaci\u00f3n de suma de verificaci\u00f3n y parece estructuralmente v\u00e1lido, las aplicaciones afectadas no pueden detectar el problema antes del procesamiento. Esto puede permitir a los atacantes causar condiciones persistentes de denegaci\u00f3n de servicio en servicios que procesan archivos autom\u00e1ticamente."
    }
  ],
  "id": "CVE-2026-4111",
  "lastModified": "2026-05-20T17:16:26.510",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-03-13T19:55:13.917",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:10065"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:10081"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:10097"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:14773"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:15087"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:16008"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:16009"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:16174"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:17596"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:5063"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:5080"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:6647"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:7093"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:7105"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:7106"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:7239"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:7329"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:7335"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:8423"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:8746"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:8747"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:8748"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:8865"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:8944"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:9832"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/security/cve/CVE-2026-4111"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446453"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://github.com/libarchive/libarchive/pull/2877"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-835"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    }
  ]
}

