CVE-2026-4424

Summary

A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction.

Affected Software

VendorProductVersion RangeStatus
Red HatRed Hat Enterprise Linux 100:3.7.7-8.el10_1 < *unaffected
Red HatRed Hat Enterprise Linux 10.0 Extended Update Support0:3.7.7-5.el10_0 < *unaffected
Red HatRed Hat Enterprise Linux 7 Extended Lifecycle Support0:3.1.2-14.el7_9.2 < *unaffected
Red HatRed Hat Enterprise Linux 80:3.3.3-7.el8_10 < *unaffected
Red HatRed Hat Enterprise Linux 8.2 Advanced Update Support0:3.3.2-8.el8_2.2 < *unaffected
Red HatRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support0:3.3.3-1.el8_4.2 < *unaffected
Red HatRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On0:3.3.3-1.el8_4.2 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support0:3.3.3-6.el8_6.1 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Telecommunications Update Service0:3.3.3-6.el8_6.1 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Update Services for SAP Solutions0:3.3.3-6.el8_6.1 < *unaffected
Red HatRed Hat Enterprise Linux 8.8 Telecommunications Update Service0:3.3.3-5.el8_8.2 < *unaffected
Red HatRed Hat Enterprise Linux 8.8 Update Services for SAP Solutions0:3.3.3-5.el8_8.2 < *unaffected
Red HatRed Hat Enterprise Linux 90:3.5.3-9.el9_7 < *unaffected
Red HatRed Hat Enterprise Linux 90:3.5.3-9.el9_7 < *unaffected
Red HatRed Hat Enterprise Linux 9.0 Update Services for SAP Solutions0:3.5.3-2.el9_0.4 < *unaffected
Red HatRed Hat Enterprise Linux 9.2 Update Services for SAP Solutions0:3.5.3-5.el9_2.2 < *unaffected
Red HatRed Hat Enterprise Linux 9.4 Extended Update Support0:3.5.3-5.el9_4 < *unaffected
Red HatRed Hat Enterprise Linux 9.6 Extended Update Support0:3.5.3-7.el9_6.1 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.12412.86.202604281506-0 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.13413.92.202605271328-0 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.14414.92.202605060243-0 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.15415.92.202605060220-0 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.16416.94.202604211449-0 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.17417.94.202605112123-0 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.18418.94.202604240015-0 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.194.19.9.6.202605201155-0 < *unaffected
Red HatRHEL-8 based Middleware Containers7.13.5-4.1777325677 < *unaffected
Red HatRHEL-8 based Middleware Containers7.13.5-4.1777325711 < *unaffected
Red HatRHEL-8 based Middleware Containers7.13.5-4.1777325710 < *unaffected
Red HatRHEL-8 based Middleware Containers7.13.5-3.1777325680 < *unaffected
Red HatRHEL-8 based Middleware Containers7.13.5-4.1777325709 < *unaffected
Red HatRHEL-8 based Middleware Containers7.13.5-4.1777325680 < *unaffected
Red HatRHEL-8 based Middleware Containers7.13.5-4.1777325708 < *unaffected
Red HatRed Hat AI Inference Server 3.21779223654 < *unaffected
Red HatRed Hat AI Inference Server 3.21779223651 < *unaffected
Red HatRed Hat AI Inference Server 3.21780681984 < *unaffected
Red HatRed Hat AI Inference Server 3.31778244559 < *unaffected
Red HatRed Hat AI Inference Server 3.31778244531 < *unaffected
Red HatRed Hat AI Inference Server 3.31778274666 < *unaffected
Red HatRed Hat AI Inference Server 3.31778244546 < *unaffected
Red HatRed Hat Discovery 21778101579 < *unaffected
Red HatRed Hat Discovery 21778156756 < *unaffected
Red HatRed Hat Hardened Images3.8.7-1.hum1 < *unaffected
Red HatRed Hat Insights proxy 1.51776868961 < *unaffected
Red HatRed Hat Update Infrastructure 51776868774 < *unaffected
Red HatRed Hat Update Infrastructure 51776868744 < *unaffected
Red HatRed Hat Update Infrastructure 51776868772 < *unaffected
Red HatRed Hat Update Infrastructure 51776868842 < *unaffected
Red HatRed Hat Update Infrastructure 51777459441 < *unaffected
Red HatRed Hat Update Infrastructure 51777454300 < *unaffected
Red HatRed Hat Update Infrastructure 51777459504 < *unaffected

Weaknesses

  • CWE-125: Out-of-bounds Read

Workarounds

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

libarchive: libarchive: Information disclosure via heap out-of-bounds read in RAR archive processing

Additional References

References