7.5

CVE-2026-4424

EPSS 0.36%
Veröffentlicht 19.03.2026 13:50:27
Zuletzt bearbeitet 14.05.2026 23:16:37
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Libarchive: libarchive: information disclosure via heap out-of-bounds read in rar archive processing

A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 34

NVD 13 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Libarchive ≫ Libarchive Version-

Redhat ≫ Hardened Images Version-

Redhat ≫ Openshift Container Platform Version4.0

Redhat ≫ Openshift Container Platform Version4.16

Redhat ≫ Openshift Container Platform For Arm64 Version4.16

Redhat ≫ Openshift Container Platform For Power Version4.16

Redhat ≫ Enterprise Linux Version6.0

Redhat ≫ Enterprise Linux Version7.0

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Enterprise Linux Version9.0

Redhat ≫ Enterprise Linux Version10.0

Redhat ≫ Enterprise Linux Server Aus Version8.2

Redhat ≫ Enterprise Linux Server Aus Version8.4

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.36%	0.584

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secalert@redhat.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://access.redhat.com/security/cve/CVE-2026-4424

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2449006

Third Party Advisory

Issue Tracking

https://github.com/libarchive/libarchive/pull/2898

Third Party Advisory

Issue Tracking

https://access.redhat.com/errata/RHSA-2026:8492

Third Party Advisory

https://access.redhat.com/errata/RHSA-2026:8510

Third Party Advisory

https://access.redhat.com/errata/RHSA-2026:8534

Third Party Advisory

https://access.redhat.com/errata/RHSA-2026:8517

Third Party Advisory

https://access.redhat.com/errata/RHSA-2026:8521

Third Party Advisory

https://access.redhat.com/errata/RHSA-2026:8867

Third Party Advisory

https://access.redhat.com/errata/RHSA-2026:8865

Third Party Advisory

https://access.redhat.com/errata/RHSA-2026:8864

Third Party Advisory

https://access.redhat.com/errata/RHSA-2026:8873

Third Party Advisory

https://access.redhat.com/errata/RHSA-2026:8908

Third Party Advisory

https://access.redhat.com/errata/RHSA-2026:8866

Third Party Advisory

https://access.redhat.com/errata/RHSA-2026:9026

Third Party Advisory

https://access.redhat.com/errata/RHSA-2026:9592

Third Party Advisory

https://access.redhat.com/errata/RHSA-2026:9832

Third Party Advisory

https://access.redhat.com/errata/RHSA-2026:8944

Third Party Advisory

https://access.redhat.com/errata/RHSA-2026:10065

Third Party Advisory

https://access.redhat.com/errata/RHSA-2026:11768

Third Party Advisory

https://access.redhat.com/errata/RHSA-2026:10097

Third Party Advisory

https://access.redhat.com/errata/RHSA-2026:13812

https://access.redhat.com/errata/RHSA-2026:14937

https://access.redhat.com/errata/RHSA-2026:12274

https://access.redhat.com/errata/RHSA-2026:12071

https://access.redhat.com/errata/RHSA-2026:16174

https://access.redhat.com/errata/RHSA-2026:15087

https://access.redhat.com/errata/RHSA-2026:14773

https://access.redhat.com/errata/RHSA-2026:16008

https://access.redhat.com/errata/RHSA-2026:16009

https://access.redhat.com/errata/RHSA-2026:16030

https://nvd.nist.gov/vuln/detail/CVE-2026-4424

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-4424

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-4424

EUVD