HarborGuard / CVE
Back to search
HIGHCVE-2026-4111Published Modified CNA redhat

CVE-2026-4111: Libarchive: infinite loop denial of service in rar5 decompression via archive_read_data() in libarchive

A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.

Metrics

CVSS v3.1
7.5
Severity
HIGH
Fixed in
0:3.5.3-2.el9_0.3
Affected Products
33

Fix available

0:3.5.3-2.el9_0.30:3.5.3-4.el9_4.20:3.5.3-5.el9_2.10:3.5.3-6.el9_6.10:3.5.3-7.el9_70:3.7.7-5.el10_00:3.7.7-5.el10_13.8.7-1.hum14.19.9.6.202604211219-0413.92.202604080111-0414.92.202605060243-0415.92.202605060220-0416.94.202604211449-0417.94.202605112123-0418.94.202604140044-017756687171775675922177568019217756802621775740563177574985717768687441776868772177686877417768688421776868961177824453117782445461778244559
Affected packages
  • Red Hat / Red Hat Enterprise Linux 10
    Fixed in 0:3.7.7-5.el10_1
  • Red Hat / Red Hat Enterprise Linux 10.0 Extended Update Support
    Fixed in 0:3.7.7-5.el10_0
  • Red Hat / Red Hat Enterprise Linux 9
    Fixed in 0:3.5.3-7.el9_7
  • Red Hat / Red Hat Enterprise Linux 9
    Fixed in 0:3.5.3-7.el9_7
  • Red Hat / Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
    Fixed in 0:3.5.3-2.el9_0.3
  • Red Hat / Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions
    Fixed in 0:3.5.3-5.el9_2.1
  • Red Hat / Red Hat Enterprise Linux 9.4 Extended Update Support
    Fixed in 0:3.5.3-4.el9_4.2
  • Red Hat / Red Hat Enterprise Linux 9.6 Extended Update Support
    Fixed in 0:3.5.3-6.el9_6.1
  • Red Hat / Red Hat OpenShift Container Platform 4.13
    Fixed in 413.92.202604080111-0
  • Red Hat / Red Hat OpenShift Container Platform 4.14
    Fixed in 414.92.202605060243-0
  • Red Hat / Red Hat OpenShift Container Platform 4.15
    Fixed in 415.92.202605060220-0
  • Red Hat / Red Hat OpenShift Container Platform 4.16
    Fixed in 416.94.202604211449-0
  • Red Hat / Red Hat OpenShift Container Platform 4.17
    Fixed in 417.94.202605112123-0
  • Red Hat / Red Hat OpenShift Container Platform 4.18
    Fixed in 418.94.202604140044-0
  • Red Hat / Red Hat OpenShift Container Platform 4.19
    Fixed in 4.19.9.6.202604211219-0
  • Red Hat / Red Hat AI Inference Server 3.2
    Fixed in 1775740563
  • Red Hat / Red Hat AI Inference Server 3.3
    Fixed in 1778244559
  • Red Hat / Red Hat AI Inference Server 3.3
    Fixed in 1778244531
  • Red Hat / Red Hat AI Inference Server 3.3
    Fixed in 1778244546
  • Red Hat / Red Hat AI Inference Server 3.3
    Fixed in 1775680192
  • Red Hat / Red Hat AI Inference Server 3.3
    Fixed in 1775680262
  • Red Hat / Red Hat AI Inference Server 3.3
    Fixed in 1775749857
  • Red Hat / Red Hat Discovery 2
    Fixed in 1775668717
  • Red Hat / Red Hat Discovery 2
    Fixed in 1775675922
  • Red Hat / Red Hat Hardened Images
    Fixed in 3.8.7-1.hum1
  • Red Hat / Red Hat Insights proxy 1.5
    Fixed in 1776868961
  • Red Hat / Red Hat Update Infrastructure 5
    Fixed in 1776868774
  • Red Hat / Red Hat Update Infrastructure 5
    Fixed in 1776868744
  • Red Hat / Red Hat Update Infrastructure 5
    Fixed in 1776868772
  • Red Hat / Red Hat Update Infrastructure 5
    Fixed in 1776868842
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References