CVE-2026-4424

EUVD-2026-13097
A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 54%
Affected Products (NVD)
VendorProductVersion
libarchivelibarchive
-
redhathardened_images
-
redhatopenshift_container_platform
4.0
redhatopenshift_container_platform
4.16
redhatopenshift_container_platform_for_arm64
4.16
redhatopenshift_container_platform_for_power
4.16
redhatenterprise_linux
6.0
redhatenterprise_linux
7.0
redhatenterprise_linux
8.0
redhatenterprise_linux
9.0
redhatenterprise_linux
10.0
redhatenterprise_linux_server_aus
8.2
redhatenterprise_linux_server_aus
8.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libarchive
bookworm
3.6.2-1+deb12u4
fixed
bookworm (security)
vulnerable
bullseye
vulnerable
bullseye (security)
3.4.3-2+deb11u4
fixed
forky
3.8.7-1
fixed
sid
3.8.7-1
fixed
trixie
3.7.4-4+deb13u1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libarchive
bionic
Fixed 3.2.2-3.1ubuntu0.7+esm3
released
focal
Fixed 3.4.0-2ubuntu1.5+esm2
released
jammy
Fixed 3.6.0-1ubuntu1.7
released
noble
Fixed 3.7.2-2ubuntu0.7
released
questing
Fixed 3.7.7-0ubuntu3.2
released
resolute
Fixed 3.8.5-1ubuntu2.1
released
trusty
Fixed 3.1.2-7ubuntu2.8+esm5
released
xenial
Fixed 3.1.2-11ubuntu0.16.04.8+esm3
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
bsdtar
suse enterprise server 15 SP6
3.7.2-150600.3.20.1
fixed
libarchive-devel
suse enterprise desktop 15 SP7
3.7.2-150600.3.20.1
fixed
suse enterprise sap 15 SP7
3.7.2-150600.3.20.1
fixed
suse enterprise server 15 SP6
3.7.2-150600.3.20.1
fixed
suse enterprise server 15 SP7
3.7.2-150600.3.20.1
fixed
libarchive13
suse enterprise desktop 15 SP7
3.7.2-150600.3.20.1
fixed
suse enterprise sap 15 SP7
3.7.2-150600.3.20.1
fixed
suse enterprise server 15 SP6
3.7.2-150600.3.20.1
fixed
suse enterprise server 15 SP7
3.7.2-150600.3.20.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
bsdtar
RHEL 8
0:3.3.3-7.el8_10
fixed
RHEL 8.2 AUS
0:3.3.2-8.el8_2.2
fixed
RHEL 8.4 AUS
0:3.3.3-1.el8_4.2
fixed
RHEL 8.6 AUS
0:3.3.3-6.el8_6.1
fixed
RHEL 8.6 E4S
0:3.3.3-6.el8_6.1
fixed
RHEL 8.6 TUS
0:3.3.3-6.el8_6.1
fixed
RHEL 8.8 E4S
0:3.3.3-5.el8_8.2
fixed
RHEL 8.8 TUS
0:3.3.3-5.el8_8.2
fixed
RHEL 9
0:3.5.3-9.el9_7
fixed
libarchive
RHEL 8
0:3.3.3-7.el8_10
fixed
RHEL 8.2 AUS
0:3.3.2-8.el8_2.2
fixed
RHEL 8.4 AUS
0:3.3.3-1.el8_4.2
fixed
RHEL 8.6 AUS
0:3.3.3-6.el8_6.1
fixed
RHEL 8.6 E4S
0:3.3.3-6.el8_6.1
fixed
RHEL 8.6 TUS
0:3.3.3-6.el8_6.1
fixed
RHEL 8.8 E4S
0:3.3.3-5.el8_8.2
fixed
RHEL 8.8 TUS
0:3.3.3-5.el8_8.2
fixed
RHEL 9
0:3.5.3-9.el9_7
fixed
libarchive-devel
RHEL 8
0:3.3.3-7.el8_10
fixed
RHEL 9
0:3.5.3-9.el9_7
fixed
Azure Linux logo
Azure Linux Releases
Azure Package
Release
libarchive
Azure Linux 3.0
0:3.7.7-6.azl3
fixed
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2026:10065
https://access.redhat.com/errata/RHSA-2026:10097
https://access.redhat.com/errata/RHSA-2026:11768
https://access.redhat.com/errata/RHSA-2026:12071
https://access.redhat.com/errata/RHSA-2026:12274
https://access.redhat.com/errata/RHSA-2026:13812
https://access.redhat.com/errata/RHSA-2026:14773
https://access.redhat.com/errata/RHSA-2026:14937
https://access.redhat.com/errata/RHSA-2026:15087
https://access.redhat.com/errata/RHSA-2026:16008
https://access.redhat.com/errata/RHSA-2026:16009
https://access.redhat.com/errata/RHSA-2026:16030
https://access.redhat.com/errata/RHSA-2026:16174
https://access.redhat.com/errata/RHSA-2026:17596
https://access.redhat.com/errata/RHSA-2026:19724
https://access.redhat.com/errata/RHSA-2026:19725
https://access.redhat.com/errata/RHSA-2026:20040
https://access.redhat.com/errata/RHSA-2026:21690
https://access.redhat.com/errata/RHSA-2026:25096
https://access.redhat.com/errata/RHSA-2026:8492
https://access.redhat.com/errata/RHSA-2026:8510
https://access.redhat.com/errata/RHSA-2026:8517
https://access.redhat.com/errata/RHSA-2026:8521
https://access.redhat.com/errata/RHSA-2026:8534
https://access.redhat.com/errata/RHSA-2026:8864
https://access.redhat.com/errata/RHSA-2026:8865
https://access.redhat.com/errata/RHSA-2026:8866
https://access.redhat.com/errata/RHSA-2026:8867
https://access.redhat.com/errata/RHSA-2026:8873
https://access.redhat.com/errata/RHSA-2026:8908
https://access.redhat.com/errata/RHSA-2026:8944
https://access.redhat.com/errata/RHSA-2026:9026
https://access.redhat.com/errata/RHSA-2026:9592
https://access.redhat.com/errata/RHSA-2026:9832
https://access.redhat.com/security/cve/CVE-2026-4424
https://bugzilla.redhat.com/show_bug.cgi?id=2449006
https://github.com/libarchive/libarchive/pull/2898