CVE-2026-4111
Severity
High
CVSS score
7.5
Package
libarchive
Affected versions
>= 3.6.2-1+deb12u2, < 3.7.4-4+e4
A flaw has been identified in the RAR5 archive decompression logic of the libarchive library, specifically in the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state that prevents forward progress. This condition results in an infinite loop, continuously consuming CPU resources. Since the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue prior to processing. This vulnerability can enable attackers to create persistent denial-of-service conditions in services that automatically process archives.
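One way for a service that processes archives automatically to contain this hang until a fixed package is installed, shown as an added example (not libarchive's or this advisory's own code): run each extraction in a child process with a CPU-time limit, because the loop sits inside the library's read path and pre-validation cannot flag the archive. The worker signature, the result codes and the two stand-in jobs are assumptions constructed for the demonstration; a real worker would run the libarchive read loop.

```c
#define _XOPEN_SOURCE 700
#include <signal.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Outcome of one archive job run in an isolated child (names are hypothetical). */
enum job_result { JOB_OK = 0, JOB_FAILED = 1, JOB_CPU_LIMIT = 2, JOB_ERROR = 3 };

/* Hypothetical worker signature: returns 0 when the archive was read to the end. */
typedef int (*archive_job)(const char *path);

/* Run job(path) in a child whose CPU time is capped at cpu_seconds.
 * A decoder stuck in a no-progress loop keeps burning CPU, so the kernel sends
 * SIGXCPU at the soft limit (SIGKILL at the hard limit) and the parent survives. */
enum job_result run_with_cpu_limit(archive_job job, const char *path, unsigned cpu_seconds)
{
    pid_t pid = fork();
    if (pid < 0)
        return JOB_ERROR;
    if (pid == 0) {
        struct rlimit rl = { .rlim_cur = cpu_seconds, .rlim_max = cpu_seconds + 1 };
        if (setrlimit(RLIMIT_CPU, &rl) != 0)
            _exit(127);                      /* never process the file unlimited */
        _exit(job(path) == 0 ? 0 : 1);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return JOB_ERROR;
    if (WIFSIGNALED(status) && (WTERMSIG(status) == SIGXCPU || WTERMSIG(status) == SIGKILL))
        return JOB_CPU_LIMIT;                /* quarantine the archive and alert */
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
        return JOB_OK;
    return JOB_FAILED;
}

/* Constructed stand-ins: job_spins simulates a read call that never returns,
 * job_finishes simulates a well-formed archive that is read to completion. */
int job_spins(const char *path) { (void)path; for (volatile unsigned long i = 0;; i++) { } return 0; }
int job_finishes(const char *path) { (void)path; return 0; }

int main(void)
{
    printf("stuck job  -> %d\n", (int)run_with_cpu_limit(job_spins, "constructed.rar", 1));
    printf("normal job -> %d\n", (int)run_with_cpu_limit(job_finishes, "constructed.rar", 1));
    return 0;
}
```

A JOB_CPU_LIMIT result is also a useful detection signal: log the file's origin and hash so repeated submissions of the same archive can be rejected before they reach a worker.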
NVD Record:
References:
- https://access.redhat.com/errata/RHSA-2026:10065
- https://access.redhat.com/errata/RHSA-2026:10081
- https://access.redhat.com/errata/RHSA-2026:10097
- https://access.redhat.com/errata/RHSA-2026:5063
- https://access.redhat.com/errata/RHSA-2026:5080
- https://access.redhat.com/errata/RHSA-2026:6647
- https://access.redhat.com/errata/RHSA-2026:7093
- https://access.redhat.com/errata/RHSA-2026:7105
- https://access.redhat.com/errata/RHSA-2026:7106
- https://access.redhat.com/errata/RHSA-2026:7239