CVE-2026-4111 in libarchiveinfo

Zusammenfassung

von MITRE • 13.03.2026

A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

Redhat

Reservieren

13.03.2026

Veröffentlichung

13.03.2026

Moderieren

akzeptiert

Eintrag

VDB-350979

CPE

bereit

CWE

CWE-835 (bestätigt)

CVSS

7.5 (CNA)

EPSS

0.00037

KEV

nein

Aktivitäten

very low

Sektor

Hostingprovider, Agriculture, ...

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-4111
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-4111
CVE Details	https://www.cvedetails.com/cve/CVE-2026-4111/

◂ Zurück Übersicht Weiter ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!