FKIE_CVE-2026-4424

Vulnerability from fkie_nvd - Published: 2026-03-19 15:16 - Updated: 2026-06-10 18:17
Severity
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction.
References
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2026:10065Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2026:10097Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2026:11768Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2026:12071
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2026:12274
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2026:13812
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2026:14773
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2026:14937
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2026:15087
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2026:16008
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2026:16009
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2026:16030
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2026:16174
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2026:17596
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2026:19724
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2026:19725
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2026:20040
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2026:21690
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2026:25096
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2026:8492Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2026:8510Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2026:8517Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2026:8521Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2026:8534Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2026:8864Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2026:8865Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2026:8866Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2026:8867Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2026:8873Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2026:8908Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2026:8944Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2026:9026Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2026:9592Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2026:9832Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/security/cve/CVE-2026-4424Third Party Advisory
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2449006Issue Tracking, Third Party Advisory
secalert@redhat.comhttps://github.com/libarchive/libarchive/pull/2898Issue Tracking, Third Party Advisory
Impacted products
Vendor Product Version
libarchive libarchive -
redhat hardened_images -
redhat openshift_container_platform 4.0
redhat openshift_container_platform 4.16
redhat openshift_container_platform_for_arm64 4.16
redhat openshift_container_platform_for_power 4.16
redhat enterprise_linux 6.0
redhat enterprise_linux 7.0
redhat enterprise_linux 8.0
redhat enterprise_linux 9.0
redhat enterprise_linux 10.0
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_server_aus 8.4
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:libarchive:libarchive:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A51945D-40D7-4C28-B0BB-774687265DCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:hardened_images:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "87DEB507-5B64-47D7-9A50-3B87FD1E571F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "932D137F-528B-4526-9A89-CD59FA1AB0FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EBB38E1-4161-402D-8A37-74D92891AAC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3056B67-E5C4-40A0-86BF-1D9E6637B13F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openshift_container_platform_for_power:4.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EC48A26-5827-4EC0-BE90-EA25F0A9B56C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6897676D-53F9-45B3-B27F-7FF9A4C58D33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E28F226A-CBC7-4A32-BE58-398FA5B42481",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 una falla en libarchive. Esta vulnerabilidad de lectura fuera de l\u00edmites de la pila (heap) existe en la l\u00f3gica de procesamiento de archivos RAR debido a una validaci\u00f3n incorrecta del tama\u00f1o de la ventana deslizante LZSS despu\u00e9s de las transiciones entre m\u00e9todos de compresi\u00f3n. Un atacante remoto puede explotar esto al proporcionar un archivo RAR especialmente dise\u00f1ado, lo que lleva a la divulgaci\u00f3n de informaci\u00f3n sensible de la memoria de la pila (heap) sin requerir autenticaci\u00f3n ni interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2026-4424",
  "lastModified": "2026-06-10T18:17:10.960",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-03-19T15:16:28.300",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2026:10065"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2026:10097"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2026:11768"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:12071"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:12274"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:13812"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:14773"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:14937"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:15087"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:16008"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:16009"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:16030"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:16174"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:17596"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:19724"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:19725"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:20040"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:21690"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:25096"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2026:8492"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2026:8510"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2026:8517"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2026:8521"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2026:8534"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2026:8864"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2026:8865"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2026:8866"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2026:8867"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2026:8873"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2026:8908"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2026:8944"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2026:9026"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2026:9592"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2026:9832"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2026-4424"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449006"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://github.com/libarchive/libarchive/pull/2898"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.