HIGH | CVE-2026-4424 | Published | Modified | CNA: redhat
CVE-2026-4424: Libarchive: libarchive: information disclosure via heap out-of-bounds read in rar archive processing
A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction.
Metrics
- CVSS v3.1: 7.5
- Severity: HIGH
- Fixed in: 0:3.1.2-14.el7_9.2
- Affected Products: 50
Fix available
Affected packages
- Red Hat / Red Hat Enterprise Linux 10: fixed in 0:3.7.7-8.el10_1
- Red Hat / Red Hat Enterprise Linux 10.0 Extended Update Support: fixed in 0:3.7.7-5.el10_0
- Red Hat / Red Hat Enterprise Linux 7 Extended Lifecycle Support: fixed in 0:3.1.2-14.el7_9.2
- Red Hat / Red Hat Enterprise Linux 8: fixed in 0:3.3.3-7.el8_10
- Red Hat / Red Hat Enterprise Linux 8.2 Advanced Update Support: fixed in 0:3.3.2-8.el8_2.2
- Red Hat / Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support: fixed in 0:3.3.3-1.el8_4.2
- Red Hat / Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On: fixed in 0:3.3.3-1.el8_4.2
- Red Hat / Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support: fixed in 0:3.3.3-6.el8_6.1
- Red Hat / Red Hat Enterprise Linux 8.6 Telecommunications Update Service: fixed in 0:3.3.3-6.el8_6.1
- Red Hat / Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions: fixed in 0:3.3.3-6.el8_6.1
- Red Hat / Red Hat Enterprise Linux 8.8 Telecommunications Update Service: fixed in 0:3.3.3-5.el8_8.2
- Red Hat / Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions: fixed in 0:3.3.3-5.el8_8.2
- Red Hat / Red Hat Enterprise Linux 9: fixed in 0:3.5.3-9.el9_7
- Red Hat / Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions: fixed in 0:3.5.3-2.el9_0.4
- Red Hat / Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions: fixed in 0:3.5.3-5.el9_2.2
- Red Hat / Red Hat Enterprise Linux 9.4 Extended Update Support: fixed in 0:3.5.3-5.el9_4
- Red Hat / Red Hat Enterprise Linux 9.6 Extended Update Support: fixed in 0:3.5.3-7.el9_6.1
- Red Hat / Red Hat OpenShift Container Platform 4.12: fixed in 412.86.202604281506-0
- Red Hat / Red Hat OpenShift Container Platform 4.14: fixed in 414.92.202605060243-0
- Red Hat / Red Hat OpenShift Container Platform 4.15: fixed in 415.92.202605060220-0
- Red Hat / Red Hat OpenShift Container Platform 4.16: fixed in 416.94.202604211449-0
- Red Hat / Red Hat OpenShift Container Platform 4.17: fixed in 417.94.202605112123-0
- Red Hat / Red Hat OpenShift Container Platform 4.18: fixed in 418.94.202604240015-0
- Red Hat / Red Hat OpenShift Container Platform 4.19: fixed in 4.19.9.6.202605201155-0
- Red Hat / RHEL-8 based Middleware Containers: fixed in 7.13.5-4.1777325677
- Red Hat / RHEL-8 based Middleware Containers: fixed in 7.13.5-4.1777325711
- Red Hat / RHEL-8 based Middleware Containers: fixed in 7.13.5-4.1777325710
- Red Hat / RHEL-8 based Middleware Containers: fixed in 7.13.5-3.1777325680
- Red Hat / RHEL-8 based Middleware Containers: fixed in 7.13.5-4.1777325709
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
References
- RHSA-2026:10065
- RHSA-2026:10097
- RHSA-2026:11768
- RHSA-2026:12071
- RHSA-2026:12274
- RHSA-2026:13812
- RHSA-2026:14773
- RHSA-2026:14937
- RHSA-2026:15087
- RHSA-2026:16008
- RHSA-2026:16009
- RHSA-2026:16030
- RHSA-2026:16174
- RHSA-2026:17596
- RHSA-2026:19724
- RHSA-2026:19725
- RHSA-2026:20040
- RHSA-2026:8492
- RHSA-2026:8510
- RHSA-2026:8517
- RHSA-2026:8521
- RHSA-2026:8534
- RHSA-2026:8864
- RHSA-2026:8865
- RHSA-2026:8866
- RHSA-2026:8867
- RHSA-2026:8873
- RHSA-2026:8908
- RHSA-2026:8944
- RHSA-2026:9026
- RHSA-2026:9592
- RHSA-2026:9832
- access.redhat.com
- RHBZ#2449006
- github.com