CVE-2026-4424

EUVD-2026-13097
A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 58%
Affected Products (NVD)
VendorProductVersion
libarchivelibarchive
-
redhathardened_images
-
redhatopenshift_container_platform
4.0
redhatopenshift_container_platform
4.16
redhatopenshift_container_platform_for_arm64
4.16
redhatopenshift_container_platform_for_power
4.16
redhatenterprise_linux
6.0
redhatenterprise_linux
7.0
redhatenterprise_linux
8.0
redhatenterprise_linux
9.0
redhatenterprise_linux
10.0
redhatenterprise_linux_server_aus
8.2
redhatenterprise_linux_server_aus
8.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libarchive
bookworm
no-dsa
bookworm (security)
vulnerable
bullseye
vulnerable
bullseye (security)
3.4.3-2+deb11u4
fixed
forky
3.8.7-1
fixed
sid
3.8.7-1
fixed
trixie
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libarchive
bionic
deferred
focal
deferred
jammy
deferred
noble
deferred
questing
deferred
resolute
deferred
trusty
deferred
xenial
deferred
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
bsdtar
RHEL 8
0:3.3.3-7.el8_10
fixed
RHEL 8.2 AUS
0:3.3.2-8.el8_2.2
fixed
RHEL 8.4 AUS
0:3.3.3-1.el8_4.2
fixed
RHEL 8.6 AUS
0:3.3.3-6.el8_6.1
fixed
RHEL 8.6 E4S
0:3.3.3-6.el8_6.1
fixed
RHEL 8.6 TUS
0:3.3.3-6.el8_6.1
fixed
RHEL 8.8 E4S
0:3.3.3-5.el8_8.2
fixed
RHEL 8.8 TUS
0:3.3.3-5.el8_8.2
fixed
RHEL 9
0:3.5.3-9.el9_7
fixed
libarchive
RHEL 8
0:3.3.3-7.el8_10
fixed
RHEL 8.2 AUS
0:3.3.2-8.el8_2.2
fixed
RHEL 8.4 AUS
0:3.3.3-1.el8_4.2
fixed
RHEL 8.6 AUS
0:3.3.3-6.el8_6.1
fixed
RHEL 8.6 E4S
0:3.3.3-6.el8_6.1
fixed
RHEL 8.6 TUS
0:3.3.3-6.el8_6.1
fixed
RHEL 8.8 E4S
0:3.3.3-5.el8_8.2
fixed
RHEL 8.8 TUS
0:3.3.3-5.el8_8.2
fixed
RHEL 9
0:3.5.3-9.el9_7
fixed
libarchive-devel
RHEL 8
0:3.3.3-7.el8_10
fixed
RHEL 9
0:3.5.3-9.el9_7
fixed
Common Weakness Enumeration
Vulnerability Media Exposure
References
https://access.redhat.com/errata/RHSA-2026:10065
https://access.redhat.com/errata/RHSA-2026:10097
https://access.redhat.com/errata/RHSA-2026:11768
https://access.redhat.com/errata/RHSA-2026:13812
https://access.redhat.com/errata/RHSA-2026:14937
https://access.redhat.com/errata/RHSA-2026:8492
https://access.redhat.com/errata/RHSA-2026:8510
https://access.redhat.com/errata/RHSA-2026:8517
https://access.redhat.com/errata/RHSA-2026:8521
https://access.redhat.com/errata/RHSA-2026:8534
https://access.redhat.com/errata/RHSA-2026:8864
https://access.redhat.com/errata/RHSA-2026:8865
https://access.redhat.com/errata/RHSA-2026:8866
https://access.redhat.com/errata/RHSA-2026:8867
https://access.redhat.com/errata/RHSA-2026:8873
https://access.redhat.com/errata/RHSA-2026:8908
https://access.redhat.com/errata/RHSA-2026:8944
https://access.redhat.com/errata/RHSA-2026:9026
https://access.redhat.com/errata/RHSA-2026:9592
https://access.redhat.com/errata/RHSA-2026:9832
https://access.redhat.com/security/cve/CVE-2026-4424
https://bugzilla.redhat.com/show_bug.cgi?id=2449006
https://github.com/libarchive/libarchive/pull/2898