CVE-2026-4111

EUVD-2026-12031
A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.
Infinite Loop
Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector
NIST | Primary | 7.5 HIGH | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Status: Awaiting analysis (this vulnerability is currently awaiting analysis).
EPSS Score: Percentile 11%
Debian Releases
Debian Product | Codename | Version | Status
libarchive | bookworm | 3.6.2-1+deb12u4 | fixed
libarchive | bookworm (security) |  | vulnerable
libarchive | bullseye |  | vulnerable
libarchive | bullseye (security) | 3.4.3-2+deb11u4 | fixed
libarchive | forky | 3.8.7-1 | fixed
libarchive | sid | 3.8.7-1 | fixed
libarchive | trixie | 3.7.4-4+deb13u1 | fixed
Red Hat Enterprise Linux Releases
Red Hat Product | Release | Version | Status
bsdtar | RHEL 9 | 0:3.5.3-7.el9_7 | fixed
libarchive | RHEL 9 | 0:3.5.3-7.el9_7 | fixed
libarchive-devel | RHEL 9 | 0:3.5.3-7.el9_7 | fixed
Azure Linux Releases
Azure Package | Release | Version | Status
libarchive | Azure Linux 3.0 | 0:3.7.7-5.azl3 | fixed
libarchive | CBL-Mariner 2.0 | 0:3.6.1-9.cm2 | fixed